Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /IM explorer.exe -f
- %WINDIR%\temp\cababc2.tmp
- %WINDIR%\temp\tarabd3.tmp
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\taskmgr.exe' ' (with hidden window)
- '%WINDIR%\syswow64\taskmgr.exe'
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /IM explorer.exe -f