Technical Information
- '<SYSTEM32>\certutil.exe' -decode C:\Users\Public\1606.fo C:\Users\Public\1606.fo2
- '<SYSTEM32>\certutil.exe' -decodehex C:\Users\Public\1606.fo2 C:\Users\Public\1606.dll
- '<SYSTEM32>\rundll32.exe' C:\Users\Public\1606.dll,D
- %TEMP%\868e.tmp
- C:\users\public\1606.fo
- C:\users\public\1606.xls
- C:\users\public\1606.fo2
- '<SYSTEM32>\certutil.exe' -decode C:\Users\Public\1606.fo C:\Users\Public\1606.fo2' (with hidden window)
- '<SYSTEM32>\certutil.exe' -decodehex C:\Users\Public\1606.fo2 C:\Users\Public\1606.dll' (with hidden window)
- '<SYSTEM32>\rundll32.exe' C:\Users\Public\1606.dll,D' (with hidden window)