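Technical Information (the entries below are, in order, file-system paths, network indicators and launched processes; the original subsection headings are not preserved in this listing)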
- <Current directory>\9461a68410369b
- %WINDIR%\serviceprofiles\localservice\favorites\system.exe
- %WINDIR%\serviceprofiles\localservice\favorites\27d1bcfc3c54e0
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\lsm.exe
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\101b941d020240
- C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\lsm.exe
- C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\101b941d020240
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\firefox.exe
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\0fc223bdacedc3
- C:\kms\spoolsv.exe
- C:\kms\f3b6ecef712a24
- %TEMP%\r1myxygkbd
- %TEMP%\uzddhvm99c.bat
- nul
- %TEMP%\r1myxygkbd
- '18#####m.n9shteam1.top':80
- http://18#####m.n9shteam1.top/vmjavascriptcpuprocessorbigloadServerwindowstestlocaldownloads.php
- DNS ASK 18#####m.n9shteam1.top
- 'C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\lsm.exe'
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\uZddHVm99C.bat" (with hidden window)
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\uZddHVm99C.bat"
- '<SYSTEM32>\chcp.com' 65001
- '<SYSTEM32>\ping.exe' -n 10 localhost