Technical Information
- <SYSTEM32>\tasks\cbbkkrusfizxr
- <SYSTEM32>\tasks\ozieznhqlwkzp
- %APPDATA%\exzodiddqpk.vbs
- %TEMP%\xmtcbqncfba.vbs
- %TEMP%\rpiyexihewqe.vbs
- 'st#####.googleapis.com':443
- 'microsoft.com':80
- 'st#####.googleapis.com':443
- DNS ASK st#####.googleapis.com
- DNS ASK microsoft.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\rpiyexihewqe.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\xmtcbqncfba.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\rpiyexihewqe.vbs" (with hidden window)
- '<SYSTEM32>\taskeng.exe' {7B1413CC-98DA-46F8-A1B6-377AD32E631B} S-1-5-21-1960123792-2022915161-3775307078-1001:ylikmyjasjv\user:Interactive:[1]