Technical Information
- <SYSTEM32>\conhost.exe
- %TEMP%\evb7d0c.tmp
- %TEMP%\evb7d6b.tmp
- %TEMP%\evb7d8b.tmp
- %TEMP%\evb7e57.tmp
- ClassName: '' WindowName: ''
- '<SYSTEM32>\rundll32.exe' installer.dll,setup (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Remove-Item '<Full path to file>' -Force (with hidden window)
- '<SYSTEM32>\rundll32.exe' installer.dll,setup
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Remove-Item '<Full path to file>' -Force