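Technical Information
The entries below appear to record process and file-system activity. The category labels that would normally separate the groups (for example executed, created, deleted, moved) are missing from this page, so the meaning of each group is not stated. Quoted entries are command lines, and entries of the form "from X to Y" give a source and a destination path. Two DLLs go from %TEMP% into <SYSTEM32> and %WINDIR%; comres.dll normally resides in the system directory, so a copy in %WINDIR% is worth checking on a suspect host.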
- '<SYSTEM32>\cmd.exe' /c %TEMP%\\fake.bat
- '%TEMP%\1d81b_res.exe'
- %TEMP%\comres.dll
- %TEMP%\comres.dll#
- %TEMP%\fake.bat
- <Current directory>\<File name>
- %TEMP%\1d81b_res.exe
- %TEMP%\nsentprf.dll
- <SYSTEM32>\nsentprf.dll
- %WINDIR%\comres.dll
- <Current directory>\<File name>
- %TEMP%\1d81b_res.exe
- %TEMP%\comres.dll~
- from %TEMP%\nsentprf.dll to <SYSTEM32>\nsentprf.dll
- from %TEMP%\comres.dll to %WINDIR%\comres.dll
- from %TEMP%\comres.dll to %TEMP%\comres.dll~
- from <Full path to file> to <Full path to file>~1