Technical Information
- [\Registry\User\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Explorer' = '%WINDIR%\SysWow64\explorer.exe'
- [\Registry\User\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Explorer' = '%WINDIR%\SysWow64\explorer.exe'
- [\Registry\User\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Explorer' = '%WINDIR%\SysWow64\explorer.exe'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Explorer' = '%WINDIR%\SysWow64\explorer.exe'
- '%TEMP%\projectsagsfumlcf.exe'
- %TEMP%\projectsagsfumlcf.exe
- %TEMP%\sdb2499.tmp
- %TEMP%\sdb2498.tmp
- %TEMP%\sdb26ae.tmp
- %TEMP%\sdb26ad.tmp
- %TEMP%\sdb2910.tmp
- %TEMP%\sdb290f.tmp
- %TEMP%\sdb2ad7.tmp
- %TEMP%\sdb2ad6.tmp
- %TEMP%\sdb2d0a.tmp
- %TEMP%\sdb2fbb.tmp
- %TEMP%\sdb3b1a.tmp
- %TEMP%\sdb2fba.tmp
- %TEMP%\sdb324c.tmp
- %TEMP%\sdb324b.tmp
- %TEMP%\sdb348f.tmp
- %TEMP%\sdb348e.tmp
- %TEMP%\sdb3701.tmp
- %TEMP%\sdb3700.tmp
- %TEMP%\sdb39a2.tmp
- %TEMP%\sdb3991.tmp
- %TEMP%\sdb2226.tmp
- %TEMP%\sdb2d09.tmp
- %TEMP%\sdb2237.tmp
- %TEMP%\sdb129e.tmp
- %TEMP%\sdbfeaa.tmp
- %TEMP%\sdbfea9.tmp
- %TEMP%\sdbcbf.tmp
- %TEMP%\sdbcaf.tmp
- %TEMP%\sdbe86.tmp
- %TEMP%\sdbe85.tmp
- %TEMP%\sdb10b9.tmp
- %TEMP%\sdb10b8.tmp
- %TEMP%\sdb129f.tmp
- %TEMP%\sdb14c3.tmp
- %TEMP%\sdb2003.tmp
- %TEMP%\sdb14c2.tmp
- %TEMP%\sdb1716.tmp
- %TEMP%\sdb1715.tmp
- %TEMP%\sdb1a43.tmp
- %TEMP%\sdb1a42.tmp
- %TEMP%\sdb1c48.tmp
- %TEMP%\sdb1c47.tmp
- %TEMP%\sdb1e0e.tmp
- %TEMP%\sdb1e0d.tmp
- %TEMP%\sdb2002.tmp
- %TEMP%\sdb3b19.tmp
- %TEMP%\sdbfeaa.tmp
- %TEMP%\sdb2498.tmp
- %TEMP%\sdb26ae.tmp
- %TEMP%\sdb26ad.tmp
- %TEMP%\sdb2910.tmp
- %TEMP%\sdb290f.tmp
- %TEMP%\sdb2ad7.tmp
- %TEMP%\sdb2ad6.tmp
- %TEMP%\sdb2d0a.tmp
- %TEMP%\sdb2d09.tmp
- %TEMP%\sdb2fba.tmp
- %TEMP%\sdb3b19.tmp
- %TEMP%\sdb324c.tmp
- %TEMP%\sdb324b.tmp
- %TEMP%\sdb348f.tmp
- %TEMP%\sdb348e.tmp
- %TEMP%\sdb3701.tmp
- %TEMP%\sdb3700.tmp
- %TEMP%\sdb39a2.tmp
- %TEMP%\sdb3991.tmp
- %TEMP%\sdb3b1a.tmp
- %TEMP%\sdb2499.tmp
- %TEMP%\sdb2fbb.tmp
- %TEMP%\sdb2226.tmp
- %TEMP%\sdb14c3.tmp
- %TEMP%\sdbfea9.tmp
- %TEMP%\sdbcbf.tmp
- %TEMP%\sdbcaf.tmp
- %TEMP%\sdbe86.tmp
- %TEMP%\sdbe85.tmp
- %TEMP%\sdb10b9.tmp
- %TEMP%\sdb10b8.tmp
- %TEMP%\sdb129f.tmp
- %TEMP%\sdb129e.tmp
- %TEMP%\sdb14c2.tmp
- %TEMP%\sdb2002.tmp
- %TEMP%\sdb1716.tmp
- %TEMP%\sdb1715.tmp
- %TEMP%\sdb1a43.tmp
- %TEMP%\sdb1a42.tmp
- %TEMP%\sdb1c48.tmp
- %TEMP%\sdb1c47.tmp
- %TEMP%\sdb1e0e.tmp
- %TEMP%\sdb1e0d.tmp
- %TEMP%\sdb2003.tmp
- %TEMP%\sdb2237.tmp
- %TEMP%\projectsagsfumlcf.exe
- 'sa##pic.su':80
- 'sa##pic.su':443
- 'pk#.goog':80
- http://sa##pic.su/5325497.jpg
- http://pk#.goog/gsr1/gsr1.crt
- 'sa##pic.su':443
- DNS ASK sa##pic.su
- DNS ASK pk#.goog
- DNS ASK re###sit.com
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdbFEA9.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb3991.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb3700.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb348E.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb324B.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2FBA.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2D09.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2AD6.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb290F.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb26AD.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2498.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2226.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2002.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb1E0D.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb1C47.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb1A42.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb1715.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb14C2.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb129E.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb10B8.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdbE85.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdbCAF.tmp"' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb3B19.tmp"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del %TEMP%\PROJEC~1.EXE > nul' (with hidden window)
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdbFEA9.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb3B19.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb3991.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb3700.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb348E.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb324B.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2FBA.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2D09.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2AD6.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb290F.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb26AD.tmp"
- '%WINDIR%\syswow64\explorer.exe'
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2498.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2002.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb1E0D.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb1C47.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb1A42.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb1715.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb14C2.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb129E.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb10B8.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdbE85.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdbCAF.tmp"
- '%WINDIR%\syswow64\sdbinst.exe' -q -p "%TEMP%\sdb2226.tmp"
- '%WINDIR%\syswow64\cmd.exe' /c del %TEMP%\PROJEC~1.EXE > nul