Technical Information
File system paths (the first is in the user's Startup folder, so the script is launched at logon):
- %HOMEPATH%\Start Menu\Programs\Startup\startUpmanager.vbs
- %TEMP%\Temp.exe
- %TEMP%\is-2TD41.tmp\Temp.tmp
- %TEMP%\txt.txt
- %TEMP%\is-408LJ.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-408LJ.tmp\idp.dll
- %TEMP%\is-408LJ.tmp\innocallback.dll
- %TEMP%\is-408LJ.tmp\ISDone.dll
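Network activity:
- 'localhost':1037
- 'pa###bin.com':443
- DNS query for pa###bin.com (the domain is partially masked with ### in this report, so it cannot be matched literally)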
Processes executed (command lines):
- '%TEMP%\Temp.exe'
- '%TEMP%\is-2TD41.tmp\Temp.tmp' /SL5="$40036,3391460,140800,%TEMP%\Temp.exe"
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Start Menu\Programs\Startup\startUpmanager.vbs"