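Technical Information
The entries below are, in order: file-system paths (several appear twice; the labels that distinguished the two lists are not present on this page), network endpoints as host:port, HTTP URLs, DNS queries, and process command lines. The `#` characters in host names and URLs appear to be masking applied by the report, so these values are partial indicators and will not match logs verbatim.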
- %TEMP%\is-E82TN.tmp\<File name>.tmp
- %TEMP%\is-2IRQT.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-2IRQT.tmp\_isetup\_shfoldr.dll
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\sjhitgnd_013tj[1].php
- %TEMP%\is-2IRQT.tmp\tj.tmp
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI2.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\tongji[1].php
- %TEMP%\is-2IRQT.tmp\RunTongJi.tmp
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI2.tmp
- %TEMP%\is-2IRQT.tmp\RunTongJi.tmp
- %TEMP%\is-2IRQT.tmp\tj.tmp
- %TEMP%\is-2IRQT.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-2IRQT.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-E82TN.tmp\<File name>.tmp
- 'localhost':1037
- 'up.##674t.club':80
- 'wp#d':80
- 'rk.##674t.club':80
- http://up.##674t.club/m/sjhitgnd_013tj.php
- http://11#.#11.111.2/wpad.dat via wp#d
- http://up.##674t.club/m/sjhitgnd_013uac.jpg
- http://up.##674t.club/m/sjhitgnd_013up.jpg
- http://rk.##674t.club/tongji.php?ui#####################################
- DNS ASK up.##674t.club
- DNS ASK wp#d
- DNS ASK rk.##674t.club
- '%TEMP%\is-E82TN.tmp\<File name>.tmp' /SL5="$40036,54272,54272,<Full path to file>"
- '<SYSTEM32>\msiexec.exe' /V