Technical Information
- %HOMEPATH%\appdata\roaming\windowsoperationsmanager\winopmanager.exe.lnk
- C:\documents
- %TEMP%\svhost.exe
- %HOMEPATH%\appdata\roaming\windowsoperationsmanager\winopmanager.exe.bat
- '92.#3.66.44':8312
- '<SYSTEM32>\cmd.exe' /c copy "c:/wbmdlab/<File name>.exe" "%appdata%\WindowsOperationsManager\winopmanager.exe" /Y' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > %appdata%\WindowsOperationsManager\winopmanager.exe:Zone.Identifier' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ren "%appdata%\WindowsOperationsManager\winopmanager.exe.jpg" winopmanager.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy "c:/wbmdlab/<File name>.exe" "%appdata%\WindowsOperationsManager\winopmanager.exe" /Y
- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > %appdata%\WindowsOperationsManager\winopmanager.exe:Zone.Identifier
- '<SYSTEM32>\cmd.exe' /c ren "%appdata%\WindowsOperationsManager\winopmanager.exe.jpg" winopmanager.exe