Technical Information
- <SYSTEM32>\svchost.exe
- iexplore.exe process, crypt32.dll module
- firefox.exe process, crypt32.dll module
- iexplore.exe process, urlmon.dll module
- %ALLUSERSPROFILE%\application data\9329266b.exe
- %HOMEPATH%\ngd3092.tmp.bat
- DNS ASK vk.com
- DNS ASK yandex.ru
- '<SYSTEM32>\svchost.exe' Data\9329266b.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%HOMEPATH%\ngd3092.tmp.bat" "<Full path to file>""' (with hidden window)
- '<SYSTEM32>\svchost.exe' Data\9329266b.exe
- '<SYSTEM32>\cmd.exe' /c ""%HOMEPATH%\ngd3092.tmp.bat" "<Full path to file>""