Technical Information
- C:\kms\services.exe
- C:\kms\c5b4cb5e9653cc
- %WINDIR%\schcache\firefox.exe
- %WINDIR%\schcache\0fc223bdacedc3
- C:\kms\firefox.exe
- C:\kms\0fc223bdacedc3
- C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\dwm.exe
- C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\6cb0b6c459d5d3
- %ProgramFiles%\windows defender\en-us\audiodg.exe
- %ProgramFiles%\windows defender\en-us\42af1c969fbb7b
- %TEMP%\odsbhmnxmo
- %TEMP%\atulsitydx.bat
- nul
- %TEMP%\odsbhmnxmo
- '89.##5.84.52':80
- http://89.##5.84.52/4Async/windows/PacketVideo_/GeoPollphp/40/ProtecttrackDownloads/Wordpress4Packet/linux7/protect/ApiprotectBaseWp/temporary8asyncAuth/EternalphpPacketGeoUpdateFlowerdownloads...
- 'C:\kms\firefox.exe'
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\atUlsitYDx.bat" (with hidden window)
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\atUlsitYDx.bat"
- '<SYSTEM32>\chcp.com' 65001
- '<SYSTEM32>\ping.exe' -n 10 localhost