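Technical Information
(The subheadings are missing from this copy of the report, so the action behind each entry below is not stated: executed, searched for, created, modified or deleted. The entries fall into command lines, process names, file paths and network endpoints.)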
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 2 -w 1000
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\1.tmp.bat" > NUL
- chrome.exe
- firefox.exe
- %WINDIR%\Installer\{A50532F7-1D36-4875-A2C3-C0795B82749B}\{DC38BFC9-3749-4E8E-86EB-E1D9DC80718D}.xpi
- <SYSTEM32>\GroupPolicy\Machine\Registry.pol
- %TEMP%\1.tmp.bat
- %ALLUSERSPROFILE%\ntuser.pol
- <SYSTEM32>\GroupPolicy\gpt.ini
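- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
  (Note: the SID directory and the key-container file name in this path are specific to the user account and machine where the sample ran, presumably the analysis environment. They will differ on other hosts, so the literal path is not a portable indicator.)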
- %APPDATA%\Microsoft\Protect\CREDHIST
- %WINDIR%\Installer\{ECB347B1-0973-4F37-BAFF-4A2F29E67360}\xhapbebaafipaebaaaaaaaaaaacaaaaiaml
- %WINDIR%\Installer\{ECB347B1-0973-4F37-BAFF-4A2F29E67360}\chapbebaafipaebaaaaaaaaaaacaaaaiarx
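- 'www.ns##ock.net':443
- DNS ASK www.ns##ock.net
  (Note: `##` appears to be the publisher's masking of characters in the host name, so the domain as printed cannot be used directly in a blocklist or a DNS-log search. "DNS ASK" is read here as a DNS query for that name, and port 443 as the destination port of the connection.)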