Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /IM SecureAccessNotification.exe /F
- %TEMP%\nsxfbcc.tmp\nsexec.dll
- %WINDIR%\temp\cab2ae.tmp
- %WINDIR%\temp\tar2af.tmp
- %WINDIR%\temp\7aacf.mst
- %WINDIR%\temp\cab2ae.tmp
- %WINDIR%\temp\tar2af.tmp
- %WINDIR%\temp\7aacf.mst
- 'microsoft.com':80
- DNS ASK microsoft.com
- DNS ASK st####.rapidssl.com
- '%WINDIR%\syswow64\wbem\wmic.exe' product where "Name like '%Microsoft Visual C++%'" get Vendor' (with hidden window)
- '%WINDIR%\syswow64\wbem\wmic.exe' product where "Name like '%Microsoft Visual C++%'" get Vendor