Technical Information
- 6d37702a.exe
- %TEMP%\6d37702a.exe
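- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357 (both CryptnetUrlCache entries belong to the Windows certificate-retrieval cache; the OS writes them during ordinary certificate-chain downloads, so they are weak indicators on their own)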
- %TEMP%\user.json
- %TEMP%\user.json
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (legitimate Microsoft root-certificate download; not suitable as a blocking indicator)
- DNS ASK ip.##eip.org
- DNS ASK b-##s.se
- '%TEMP%\6d37702a.exe'
- '%TEMP%\6d37702a.exe' /scomma %TEMP%\sample.txt
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Copy-Item -Path '<Full path to file>' -Destination '%TEMP%\6D37702A.exe';Start-Sleep -s 10;Start-Process '%TEMP%\6D37702A.exe' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Copy-Item -Path '<Full path to file>' -Destination '%TEMP%\6D37702A.exe';Start-Sleep -s 10;Start-Process '%TEMP%\6D37702A.exe'