Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Synchronizer Application' = '%APPDATA%\SynchronizerApplication\LocalDoctor.exe' (Run-key autorun value: the listed executable is started at each user logon)
- %TEMP%\CSC1.tmp
- %TEMP%\h5d1cwmh.out
- %TEMP%\h5d1cwmh.dll
- %TEMP%\RES2.tmp
- %TEMP%\h5d1cwmh.cmdline
- %APPDATA%\SynchronizerApplication\LocalDoctor 3816.exe
- %APPDATA%\dDg.exe
- %TEMP%\h5d1cwmh.0.cs
- %APPDATA%\SynchronizerApplication\LocalDoctor.exe
- %TEMP%\h5d1cwmh.cmdline
- %TEMP%\h5d1cwmh.0.cs
- %TEMP%\h5d1cwmh.dll
- %TEMP%\h5d1cwmh.out
- <Full path to file>
- %APPDATA%\dDg.exe
- %TEMP%\CSC1.tmp
- %TEMP%\RES2.tmp
- '%APPDATA%\SynchronizerApplication\LocalDoctor 3816.exe' 0
- '%APPDATA%\SynchronizerApplication\LocalDoctor 3816.exe' "%APPDATA%\dDg.exe" "<Full path to file>"
- '%APPDATA%\dDg.exe' "<Full path to file>"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\CSC1.tmp"
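- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\h5d1cwmh.cmdline" (the .NET Framework C# compiler, run against a response file in %TEMP%; the same-named h5d1cwmh.0.cs, .dll and .out files listed above are presumably its source, output assembly and log, i.e. code is compiled on the host at run time)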