Technical Information
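- %WINDIR%\syswow64\wbem\2304\svchost.exe (not a standard location for svchost.exe, which normally sits directly in the system directory; a process image running from this path is a useful detection signal)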
- %WINDIR%\syswow64\7e23c6efb0.dll
- %WINDIR%\syswow64\wbem\pxxygivnb.dll
- <Current directory>\$$306609.bat
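- DNS ASK ud#.#job123.com
- 'ud#.#job123.com':31890 ('#' is not a valid hostname character, so the '#' characters are presumably masking placeholders in this report rather than part of the real name; do not match on the literal string)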
- ClassName: 'MS_WINHELP' WindowName: ''
- '%WINDIR%\syswow64\cacls.exe' "<SYSTEM32>\wbem\2304" /t /e /g everyone:f (with hidden window)
- '%WINDIR%\syswow64\explorer.exe' /e,<SYSTEM32>\wbem\2304\ (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <Current directory>\$$306609.bat (with hidden window)
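- '%WINDIR%\syswow64\cacls.exe' "<SYSTEM32>\wbem\2304" /t /e /g everyone:f (edits the existing ACL to grant Everyone full control of the directory and everything under it)
- '%WINDIR%\syswow64\regsvr32.exe' /s <SYSTEM32>\wbem\pxxygivnb.dll (/s registers the DLL silently, without message boxes; the <SYSTEM32> path presumably resolves to the %WINDIR%\syswow64 location listed above through WOW64 redirection for a 32-bit process)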
- '%WINDIR%\syswow64\explorer.exe' /e,<SYSTEM32>\wbem\2304\
- '%WINDIR%\syswow64\cmd.exe' /c <Current directory>\$$306609.bat