Technical Information
- iexplore.exe
- firefox.exe
- C:\users\public\documents\rgnr_5f8d012d.txt
- '<SYSTEM32>\wbem\wmic.exe' shadowcopy delete (with hidden window)
- '<SYSTEM32>\vssadmin.exe' delete shadows /all /quiet (with hidden window)
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\svchost.exe' -k swprv