Technical Information
- '<SYSTEM32>\certutil.exe' -decode C:\Users\Public\259.txt C:\Users\Public\259a.txt
- '<SYSTEM32>\certutil.exe' -decodehex C:\Users\Public\259a.txt C:\Users\Public\259.dll
- '<SYSTEM32>\rundll32.exe' C:\Users\Public\259.dll,D
- %TEMP%\2b16.tmp
- C:\users\public\259.txt
- C:\users\public\259.xls
- C:\users\public\259a.txt
- '<SYSTEM32>\certutil.exe' -decode C:\Users\Public\259.txt C:\Users\Public\259a.txt' (with hidden window)
- '<SYSTEM32>\certutil.exe' -decodehex C:\Users\Public\259a.txt C:\Users\Public\259.dll' (with hidden window)
- '<SYSTEM32>\rundll32.exe' C:\Users\Public\259.dll,D' (with hidden window)