Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- %LOCALAPPDATA%\microsoft\clr_v4.0_32\usagelogs\<File name>.exe.log
- 'fi###ransfer.io':443
- '84.##.130.205':58146
- http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB039D4329A5E8.crt?a2##############
- 'fi###ransfer.io':443
- DNS ASK fi###ransfer.io
- DNS ASK s2#.##letransfer.io
- '%WINDIR%\syswow64\cmd.exe' /c Copy "<Full path to file>" "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\<File name>.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c Copy "<Full path to file>" "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\<File name>.exe"
- '<SYSTEM32>\svchost.exe' -k wsappx -p