Technical Information
- '%ALLUSERSPROFILE%\Documents\setup_05.exe' /verysilent
- '%ALLUSERSPROFILE%\Documents\setup_05.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c <Current directory>\$$336699.bat
- <Current directory>\$$336699.bat
- %ALLUSERSPROFILE%\Documents\setup_05.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\setup_05[1].exe
- 'up####.catrootsz.com':80
- 'localhost':1035
- up####.catrootsz.com/setup/setup_05.exe
- DNS ASK up####.catrootsz.com