Technical Information
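Startup-folder entries (items in this folder are launched at user logon, so these serve as persistence):
- %HOMEPATH%\Start Menu\Programs\Startup\7570b03bb29dcaa1a6d8b20367c86b0f.exe
- %HOMEPATH%\Start Menu\Programs\Startup\qoMTblPKZlLkUBsA.url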
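Windows Firewall changes (the file is added to the allowed-programs list; the registry value and the netsh command below express the same exception):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to file>' = '<Full path to file>:*:Enabled:<File name>.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<Full path to file>" "<File name>.exe" ENABLE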
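File-system artifacts (the in40b3hi.* and *.tmp names match the inputs and outputs of the csc.exe and cvtres.exe command lines listed at the end of this section):
- %TEMP%\RES2.tmp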
- %TEMP%\CSC1.tmp
- %HOMEPATH%\<File name>.exe
- %TEMP%\in40b3hi.dll
- %TEMP%\in40b3hi.cmdline
- %TEMP%\in40b3hi.0.cs
- %TEMP%\in40b3hi.pdb
- %TEMP%\in40b3hi.out
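Second listing of the same temporary files (the heading that distinguished this list from the one above, presumably created versus deleted files, is not preserved on this page):
- %TEMP%\in40b3hi.0.cs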
- %TEMP%\in40b3hi.out
- %TEMP%\in40b3hi.pdb
- %TEMP%\in40b3hi.dll
- %TEMP%\RES2.tmp
- %TEMP%\CSC1.tmp
- %TEMP%\in40b3hi.cmdline
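Network activity (remote endpoint on TCP or UDP port 9999; the address appears partially masked with '#' in the source, so it cannot be used as an exact indicator as written):
- '18#.#33.198.65':9999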
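Processes launched (the .NET Framework C# compiler and resource converter are run against files in %TEMP%, i.e. code is compiled on the host at run time; csc.exe reading a .cmdline file from %TEMP% is a useful process-creation detection point):
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\CSC1.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\in40b3hi.cmdline"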