Technical Information
- %TEMP%\ixp000.tmp\your_exe.exe
- %TEMP%\ixp000.tmp\seepas~1.exe
- %TEMP%\~50ce.tmp
- %TEMP%\_is511d\setup.ini
- %TEMP%\_is511d\_ismsidel.ini
- %TEMP%\_is511d\seepassword.msi
- %TEMP%\~50ce.tmp
- %TEMP%\ixp000.tmp\your_exe.exe
- 'ae####online.com':80
- DNS ASK ae####online.com
- '%TEMP%\ixp000.tmp\your_exe.exe'
- '%TEMP%\ixp000.tmp\seepas~1.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del %TEMP%\IXP000.TMP\your_exe.exe > nul' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del %TEMP%\IXP000.TMP\your_exe.exe > nul
- '%WINDIR%\syswow64\msiexec.exe' /i "%TEMP%\_is511D\SeePassword.msi"