Technical Information
- %TEMP%\is-4gdj5.tmp\<File name>.tmp
- %TEMP%\is-8i0ss.tmp\_isetup\_setup64.tmp
- %TEMP%\is-8i0ss.tmp\itdownload.dll
- %TEMP%\is-8i0ss.tmp\gcountry.dll
- %TEMP%\is-8i0ss.tmp\config.rar
- %TEMP%\is-8i0ss.tmp\unrar.exe
- %TEMP%\is-8i0ss.tmp\393.ini
- %TEMP%\is-8i0ss.tmp\393.txt
- %TEMP%\is-8i0ss.tmp\config.ini
- %TEMP%\is-8i0ss.tmp\8.ini
- %TEMP%\is-8i0ss.tmp\8.rtf
- %TEMP%\is-8i0ss.tmp\stub4_install.exe
- %TEMP%\is-8i0ss.tmp\stub_tmp.rar
- %TEMP%\is-8i0ss.tmp\stub4_install.exe
- %TEMP%\is-8i0ss.tmp\stub_tmp.rar
- %TEMP%\is-8i0ss.tmp\stub4_install.exe
- http://cd#.###ningsunsoft.com/offersCME_2D.rar
- http://ma##dn.ml/stub4_install.rar
- http://vt###smit.com/getip.php
- DNS ASK cd#.###ningsunsoft.com
- DNS ASK ma##dn.ml
- DNS ASK vt###smit.com
- '%TEMP%\is-4gdj5.tmp\<File name>.tmp' /SL5="$D020E,351737,121344,<Full path to file>"
- '%TEMP%\is-8i0ss.tmp\unrar.exe' e -y config.rar
- '%TEMP%\is-8i0ss.tmp\unrar.exe' e -p123456 -y stub_tmp.rar
- '%TEMP%\is-8i0ss.tmp\unrar.exe' e -y config.rar (with hidden window)
- '%TEMP%\is-8i0ss.tmp\unrar.exe' e -p123456 -y stub_tmp.rar (with hidden window)