Technical Information
- %TEMP%\a4ec.tmp\pay.bat
- %TEMP%\asoznjjq.0.cs
- %TEMP%\asoznjjq.cmdline
- %TEMP%\asoznjjq.out
- %TEMP%\cscbf3b.tmp
- %TEMP%\resbf6b.tmp
- %TEMP%\asoznjjq.dll
- %TEMP%\resbf6b.tmp
- %TEMP%\cscbf3b.tmp
- %TEMP%\asoznjjq.cmdline
- %TEMP%\asoznjjq.0.cs
- %TEMP%\asoznjjq.pdb
- %TEMP%\asoznjjq.dll
- %TEMP%\asoznjjq.out
- '<LOCALNET>.112.135':443
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\A4EC.tmp\pay.bat" "<Full path to file>""' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\asoznjjq.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESBF6B.tmp" "%TEMP%\CSCBF3B.tmp"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\A4EC.tmp\pay.bat" "<Full path to file>""
- '%WINDIR%\microsoft.net\framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\asoznjjq.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESBF6B.tmp" "%TEMP%\CSCBF3B.tmp"