Technical Information
- <Drive name for removable media>:\dwm.vbs
- '<SYSTEM32>\wscript.exe' //B "%TEMP%\dwm.vbs"
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\dwm.vbs"
- '<SYSTEM32>\schtasks.exe' /Create /TN WindowsUpda2ta /xml %TEMP%\0RQW5TG.jpg
- '<SYSTEM32>\notepad.exe' <SYSTEM32>\Script.txt
- %TEMP%\dwm.vbs
- %TEMP%\0RQW5TG.jpg
- <SYSTEM32>\dwm.vbs
- <SYSTEM32>\Script.txt
- <Drive name for removable media>:\dwm.vbs
- %TEMP%\0RQW5TG.jpg
- 'bl#####tsec.sytes.net':1166
- 'localhost':1037
- DNS ASK bl#####tsec.sytes.net
- ClassName: 'Shell_TrayWnd' WindowName: ''