Technical Information
- %TEMP%\injector.exe
- %TEMP%\cebetip.exe
- %TEMP%\1xfvmxbd.0.cs
- %TEMP%\1xfvmxbd.cmdline
- %TEMP%\1xfvmxbd.out
- %TEMP%\cscfe5b.tmp
- %TEMP%\resfe5c.tmp
- %TEMP%\1xfvmxbd.dll
- %TEMP%\resfe5c.tmp
- %TEMP%\cscfe5b.tmp
- %TEMP%\1xfvmxbd.dll
- %TEMP%\1xfvmxbd.0.cs
- %TEMP%\1xfvmxbd.cmdline
- %TEMP%\1xfvmxbd.out
- 'ip##pi.com':80
- http://ip##pi.com/json/?fi##########
- DNS ASK ip##pi.com
- '%TEMP%\injector.exe'
- '%TEMP%\cebetip.exe'
- '%WINDIR%\microsoft.net\framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\1xfvmxbd.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESFE5C.tmp" "%TEMP%\CSCFE5B.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\1xfvmxbd.cmdline"
- '%WINDIR%\microsoft.net\framework64\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESFE5C.tmp" "%TEMP%\CSCFE5B.tmp"