Technical Information
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe' http://www.fo##ar.com/test.php
- %HOMEPATH%\shellcodefile.txt
- http://www.fo##ar.com/test.php
- DNS ASK fo##ar.com
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe' http://www.fo##ar.com/test.php' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C C: && cd "%LOCALAPPDATA%" && dir . /s /b | find "test" > "%HOMEPATH%\shellcodefile.txt"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C C: && cd "%LOCALAPPDATA%" && dir . /s /b | find "test" > "%HOMEPATH%\shellcodefile.txt"
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" dir . /s /b "
- '%WINDIR%\syswow64\find.exe' "test"