Technical Information
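- [<HKLM>\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<Full path to file>' (autorun persistence: the sample's own path is appended to the Winlogon Userinit value, so it is started at every user logon; on a clean system this value lists only userinit.exe)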
- '%WINDIR%\syswow64\taskkill.exe' /im taskmgr.exe /f (forcibly terminates Task Manager)
- %WINDIR%\apppatch\system.vbs (file path; the same script is launched through wscript.exe in the process list below)
- <Full path to file>
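- 'drive.google.com':443 (a legitimate Google service; a connection to this host is not an indicator on its own and needs to be correlated with the process and registry entries in this list)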
- 'drive.google.com':80
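- 'do#########ocs.googleusercontent.com':443 (the '#' characters appear to be masking applied in the published report, so this string is not a literal hostname to match on)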
- 'oc##.#tartssl.com':80
- 'drive.google.com':443
- 'do#########ocs.googleusercontent.com':443
- DNS ASK drive.google.com
- DNS ASK do#########ocs.googleusercontent.com
- DNS ASK st####.rapidssl.com
- DNS ASK oc##.#tartssl.com
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%WINDIR%\AppPatch\system.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im taskmgr.exe /f
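- '%WINDIR%\syswow64\cmd.exe' /c attrib +s +h <File name>.exe (sets the System and Hidden attributes on the executable, which hides it from a default Explorer view)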
- '%WINDIR%\syswow64\attrib.exe' +s +h <File name>.exe
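- '%WINDIR%\syswow64\cmd.exe' /c netsh wlan show profiles>ss.txt (writes the list of saved Wi-Fi profile names to ss.txt; the file is removed by the 'del ss.txt' command further down)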
- '%WINDIR%\syswow64\netsh.exe' wlan show profiles
- '%WINDIR%\syswow64\cmd.exe' /c del ss.txt
- '%WINDIR%\syswow64\cmd.exe' /c system.vbs