Technical Information (observed artifacts: file paths, network indicators — the domain name is shown partially masked — and process command lines)
- firefox.exe
- %ALLUSERSPROFILE%\installed updates.{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}\bhvidpsc.exe
- %ALLUSERSPROFILE%\installed updates.{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}\.honest_decript
- %ALLUSERSPROFILE%\installed updates.{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}\secure.sys
- %ALLUSERSPROFILE%\installed updates.{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}\private.sys
- %ALLUSERSPROFILE%\installed updates.{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}\public.sys
- z:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\desktop.ini
- %TEMP%\prnallrp.sys
- %ALLUSERSPROFILE%\installed updates.{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}\.honest_decript
- 'ip###ger.org':80
- 'ip###ger.org':443
- http://ip###ger.org/1VLDa7.torrent
- 'ip###ger.org':443
- DNS ASK ip###ger.org
- '%ALLUSERSPROFILE%\installed updates.{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}\bhvidpsc.exe'
- '%WINDIR%\syswow64\cscript.exe' //E:JScript "%TEMP%\PRNALLRP.SYS"
- '%WINDIR%\syswow64\cmd.exe' /C CSCRIPT.EXE //E:JScript "%TEMP%\PRNALLRP.SYS"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C CSCRIPT.EXE //E:JScript "%TEMP%\PRNALLRP.SYS"