Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'PCore' = '"<SYSTEM32>\cmd.exe" /c start "" "%WINDIR%\pcore\core.exe" /a'
- C:\1913663422149383867-1251080788.lnk
- %TEMP%\입사지원서-이선아.docx
- %WINDIR%\pcore\core.exe
- C:\-2061079053_2047997380.lnk
- %WINDIR%\pcore\core.kinf
- C:\1913663422149383867-1251080788.lnk
- C:\-2061079053_2047997380.lnk
- 'localhost':135
- DNS ASK ip###.gp-core.com
- DNS ASK ip###.gp-main.com
- '%WINDIR%\pcore\core.exe'
- '%WINDIR%\syswow64\cmd.exe' /C "%TEMP%\입사지원서-이선아.docx"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C "%WINDIR%\pcore\core.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C "%TEMP%\입사지원서-이선아.docx"
- '%WINDIR%\syswow64\cmd.exe' /C "%WINDIR%\pcore\core.exe"
- '%WINDIR%\syswow64\cmd.exe'
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%TEMP%\입사지원서-이선아.docx"