Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- ctfmon.exe
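- %APPDATA%\ctfmon.exe (the file name matches the Windows system binary ctfmon.exe, which normally resides under %WINDIR%\System32; the %APPDATA% location is what distinguishes this file)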
- %TEMP%\b-2bz-ie.0.cs
- %TEMP%\b-2bz-ie.cmdline
- %TEMP%\b-2bz-ie.out
- %TEMP%\csc667c.tmp
- %TEMP%\res667d.tmp
- %TEMP%\b-2bz-ie.dll
- %TEMP%\res667d.tmp
- %TEMP%\csc667c.tmp
- %TEMP%\b-2bz-ie.cmdline
- %TEMP%\b-2bz-ie.out
- %TEMP%\b-2bz-ie.0.cs
- %TEMP%\b-2bz-ie.dll
- from <Full path to file> to %APPDATA%\<File name>.exe
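- 'ro##.no-ip.biz':1605 (host:port; the host name is partially masked with ## as published, so it cannot be used verbatim as a block-list entry)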
- DNS query (ASK): ro##.no-ip.biz
- '%APPDATA%\ctfmon.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES667D.tmp" "%TEMP%\CSC667C.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\b-2bz-ie.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\b-2bz-ie.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES667D.tmp" "%TEMP%\CSC667C.tmp"