Technical Information
- File moved or copied (the heading for this entry is missing from this copy): from <Full path to file> to %TEMP%\network.exe.exe
- Network endpoint: 'ge####s.hoptp.org':1040 (host name partially masked with # in the source)
- DNS query (DNS ASK) for ge####s.hoptp.org
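- '%WINDIR%\syswow64\cmd.exe' /C type nul > "<Full path to file>:Zone.Identifier" (with hidden window) — this overwrites the file's Zone.Identifier alternate data stream with empty content, clearing its Mark-of-the-Web, so download-origin checks no longer apply to it; a cmd.exe write to a ":Zone.Identifier" stream is a useful detection point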
- '%WINDIR%\syswow64\cmd.exe' /c, "%TEMP%\network.exe.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C type nul > "%TEMP%\network.exe.exe:Zone.Identifier" (with hidden window)
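- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\jpl5yctu.cmdline" (with hidden window) — vbc.exe is the .NET Framework Visual Basic compiler, here taking its options from a response file in %TEMP%, which indicates that code is compiled on the host at run time
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF82D.tmp" "%TEMP%\vbc90E16677490A4687B3902C971881E9B6.TMP" (with hidden window) — cvtres.exe is the resource converter normally launched by the compiler as part of that build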
- '%WINDIR%\syswow64\cmd.exe' /C type nul > "<Full path to file>:Zone.Identifier"
- '%WINDIR%\syswow64\cmd.exe' /c, "%TEMP%\network.exe.exe"
- '%WINDIR%\syswow64\cmd.exe' /C type nul > "%TEMP%\network.exe.exe:Zone.Identifier"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\jpl5yctu.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF82D.tmp" "%TEMP%\vbc90E16677490A4687B3902C971881E9B6.TMP"