Technical Information
- '<SYSTEM32>\wscript.exe' "%TEMP%\thenewinvs.vbs" "%TEMP%\anothenwtshit.bat
- '<SYSTEM32>\tasklist.exe' /nh /fi "imagename eq notepad .exe"
- '<SYSTEM32>\find.exe' /i "notepad .exe"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\anothenwtshit.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ru3211.bat" "
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\thenxetnestar.bat
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- <SYSTEM32>\cmd.exe
- %TEMP%\ru3211.bat
- %TEMP%\thenxetnestar.bat
- %TEMP%\thenewinvs.vbs
- %TEMP%\anothenwtshit.bat
- %TEMP%\newrunn-.txt