Technical Information
- %WINDIR%\explorer.exe
- %TEMP%\f964df49.exe
- <SYSTEM32>\usosvcxexz.dll
- %TEMP%\6bea8ab2-1881-4525-8026-62bccdfc33ae.bat
- %TEMP%\f964df49.exe
- http://yo#####engine.stnts.com/v1/plug/up?pl#############################################################################################################################
- http://ec##.#orkday360.cn/dock-admin/api/queryGameHelperConfigWeek?ci############################################################################################################################...
- http://ds##.#oolsabc.cn/?op###############
- DNS ASK ds##.#oolsabc.cn
- DNS ASK yo#####engine.stnts.com
- DNS ASK ec##.#orkday360.cn
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'MSTaskSwWClass' WindowName: ''
- ClassName: 'MSTaskListWClass' WindowName: ''
- '%TEMP%\f964df49.exe'
- '%WINDIR%\syswow64\svchost.exe' (with hidden window)
- '%TEMP%\f964df49.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /q "<Full path to file>" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\6BEA8AB2-1881-4525-8026-62BCCDFC33AE.bat" " (with hidden window)
- '%WINDIR%\syswow64\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del /q "<Full path to file>"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\6BEA8AB2-1881-4525-8026-62BCCDFC33AE.bat" "