Technical Information
- %TEMP%\is-gevvh.tmp\<File name>.tmp
- %TEMP%\is-4posn.tmp\_isetup\_setup64.tmp
- %TEMP%\is-4posn.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-4posn.tmp\itdownload.dll
- %TEMP%\is-4posn.tmp\rkverify.exe
- %TEMP%\is-4posn.tmp\rkinstaller.exe
- %TEMP%\is-4posn.tmp\ocsetuphlp.dll
- http://po##.##curestudies.com/packages/VR/PackageV.exe
- http://po##.##curestudies.com/packages/IR/PackageI2.exe
- DNS query: po##.##curestudies.com
- DNS query: ap#.##encandy.com
- ClassName: '60D61981A74D4DB1AA4D7CADBCD92CFD' WindowName: ''
- ClassName: '995D92B2-4ED9-43A7-9338-8CC7D1746F96' WindowName: ''
- '%TEMP%\is-gevvh.tmp\<File name>.tmp' /SL5="$13021E,16908509,56832,<Full path to file>"
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\is-4POSN.tmp\OCSetupHlp.dll",_OCPID0905OpenCandy2@16 2532,60D61981A74D4DB1AA4D7CADBCD92CFD,000292DD2ADE45F9BA261BACE4B63B40,1D740136405843089C21310D4BB8761E (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\is-4POSN.tmp\OCSetupHlp.dll",_OCPID0905OpenCandy2@16 2532,60D61981A74D4DB1AA4D7CADBCD92CFD,000292DD2ADE45F9BA261BACE4B63B40,1D740136405843089C21310D4BB8761E