Technical Information
- [<HKLM>\System\CurrentControlSet\Services\mvpci] 'ImagePath' = '%WINDIR%\temp\mvpci.bin'
- <SYSTEM32>\cmd.exe
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook]
- [<HKCU>\software\rit\the bat!]
- %WINDIR%\temp\mvpci.bin
- %WINDIR%\temp\ip.bat
- %WINDIR%\temp\ip.txt
- %TEMP%\netuse.bat
- %TEMP%\netuse.txt
- %WINDIR%\temp\mvpci.bin
- %WINDIR%\temp\ip.bat
- %WINDIR%\temp\ip.txt
- %TEMP%\netuse.bat
- %TEMP%\netuse.txt
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\temp\ip.bat' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\netUse.bat' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\temp\ip.bat
- '<SYSTEM32>\ipconfig.exe' /all
- '<SYSTEM32>\cmd.exe' /c %TEMP%\netUse.bat
- '<SYSTEM32>\net.exe' use