Technical Information
- %TEMP%\autc9d3.tmp
- %WINDIR%\temp\352547.exe
- C:\documents and settings\all users\temp\1.vbs
- C:\documents and settings\all users\temp\delnt.bat
- %TEMP%\autc9d3.tmp
- %WINDIR%\temp\352547.exe
- C:\documents and settings\all users\temp\1.vbs
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\temp\352547.exe' 程序运行参数
- '%WINDIR%\temp\352547.exe' 程序运行参数' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Documents and Settings\All Users\Temp\Delnt.bat" "' (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' "C:\Documents and Settings\All Users\Temp\1.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Documents and Settings\All Users\Temp\Delnt.bat" "
- '%WINDIR%\syswow64\attrib.exe' -s -h -r C:\Ntldr