Technical Information
- '%TEMP%\Hexor-300.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c start %temp%\Hexor-300.exe
- '%TEMP%\Hexor-300.exe'
- '%TEMP%\is-C8EGQ.tmp\Temptelegram.tmp' /SL5="$40036,908489,85504,%HOMEPATH%\Local Settings\Temptelegram.exe"
- '%HOMEPATH%\Local Settings\Temptelegram.exe'
- '%HOMEPATH%\Local Settings\Tempserver.exe'
- %TEMP%\is-C8EGQ.tmp\Temptelegram.tmp
- %HOMEPATH%\Local Settings\Tempserver.exe
- %HOMEPATH%\Local Settings\Temptelegram.exe
- TCP connection: 'ww###.#ippyshare.com':80
- HTTP request: http://ww###.#ippyshare.com/d/1V8pGlGy/636059/Server12.exe
- DNS query (ASK): ww###.#ippyshare.com
- Window: ClassName: 'Shell_TrayWnd' (the Windows taskbar window class), WindowName: '' (empty)