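Technical Information
(The sub-headings that grouped the entries below appear to be missing. Paths that repeat, such as %WINDIR%\dgn\esn.vbs, presumably belonged to different groups, for example files created, modified or deleted; confirm this against the original report before using the list as indicators.)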
- <SYSTEM32>\tasks\winsysd32
- %WINDIR%\dlogs\message.log
- <Current directory>\inv.vbs
- %WINDIR%\dgn\esn.vbs
- %WINDIR%\dgn\winsysd32.exe
- %WINDIR%\dgn\tsk.xml
- %HOMEPATH%\documents\message.log
- %WINDIR%\dgn\88.dfile
- %WINDIR%\dgn\88.cfile
- %WINDIR%\dgn\esn.vbs
- %WINDIR%\dgn\tsk.xml
- <Current directory>\inv.vbs
- %WINDIR%\dgn\88.dfile
- %WINDIR%\dgn\esn.vbs
- %WINDIR%\dgn\88.dfile
- 'on####ve.live.com':443
- 'lo###.live.com':443
- DNS ASK on####ve.live.com
- DNS ASK lo###.live.com
- '%WINDIR%\dgn\winsysd32.exe' 6 true
- '%WINDIR%\dgn\winsysd32.exe' 6 true (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /query /tn winsysd32
- '%WINDIR%\syswow64\schtasks.exe' /Create /XML "%WINDIR%\Dgn\tsk.xml" /TN Winsysd32
- '%WINDIR%\syswow64\attrib.exe' +H +S "%WINDIR%\Dgn"
- '%WINDIR%\syswow64\wscript.exe' "%WINDIR%\Dgn\esn.vbs" "%WINDIR%\Dgn\Winsysd32.exe 6 true"