Technical Information
- '<SYSTEM32>\taskkill.exe' /f /im wscript.exe
- %TEMP%\ixp000.tmp\b.tmp
- %TEMP%\ixp000.tmp\xx.js
- %TEMP%\ixp000.tmp\yy.js
- %TEMP%\ixp000.tmp\start.bat
- %TEMP%\ixp000.tmp\start.bat
- %TEMP%\ixp000.tmp\yy.js
- %TEMP%\ixp000.tmp\xx.js
- %TEMP%\ixp000.tmp\b.tmp
- 'sn###ers.org':443
- 'microsoft.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'sn###ers.org':443
- DNS ASK sn###ers.org
- DNS ASK microsoft.com
- ClassName: '' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c start.bat (with hidden window)
- '<SYSTEM32>\cmd.exe' /c start.bat
- '<SYSTEM32>\wscript.exe' xx.js
- '<SYSTEM32>\wscript.exe' yy.js