Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SelfRunDemo' = '"C:\Users\Public\Downloads\E2CD9A70230\ApplicSchdpl.exe"'
- %WINDIR%\temp\fwtsqmfile01.sqm
- C:\users\public\downloads\a2a.exe
- C:\users\public\downloads\b3b.tmp
- C:\users\public\downloads\s3s.lnk
- C:\users\public\downloads\e2cd9a70230\applicschdpl.exe
- C:\users\public\downloads\e2cd9a70230\gapi32.dll
- C:\users\public\downloads\e2cd9a70230\template.txt
- DNS ASK dn#.google
- ClassName: 'MS Schedule+ 32 Main' WindowName: ''
- 'C:\users\public\downloads\a2a.exe' -o -d C:\Users\Public\Downloads\E2CD9A70230 C:\Users\Public\Downloads\b3b.tmp
- 'C:\users\public\downloads\e2cd9a70230\applicschdpl.exe'
- 'C:\users\public\downloads\a2a.exe' -o -d C:\Users\Public\Downloads\E2CD9A70230 C:\Users\Public\Downloads\b3b.tmp (with hidden window)