Technical Information
- <SYSTEM32>\tasks\test12 daily trigger
- <SYSTEM32>\tasks\test11 daily trigger
- C:\users\public\罗梦琪.docx
- C:\users\public\system.exe
- C:\users\public\system.vbs
- C:\users\public\system1.vbs
- C:\users\public\1
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- 'C:\users\public\system.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\Users\Public\system1.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\Users\Public\system.vbs"
- 'C:\users\public\system.exe' (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' "C:\Users\Public\system1.vbs" (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' "C:\Users\Public\system.vbs" (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' url.dll,FileProtocolHandler C:/Users/Public//罗梦琪.docx
- '%WINDIR%\syswow64\rundll32.exe' url.dll,FileProtocolHandler C:/Users/Public//system.exe
- '%WINDIR%\syswow64\rundll32.exe' url.dll,FileProtocolHandler C:/Users/Public//system.vbs
- '%WINDIR%\syswow64\rundll32.exe' url.dll,FileProtocolHandler C:/Users/Public//system1.vbs