Technical Information
- %TEMP%\is-11vpr.tmp\<File name>.tmp
- %TEMP%\is-1n921.tmp\qmjjoywug.exe
- %TEMP%\is-1n921.tmp\gfqryytasner.zip
- %TEMP%\is-1n921.tmp\oxgqhbdeabphej.exe
- 'to###kto.com':80
- http://ar####igration.com/v2/events
- DNS ASK ar####igration.com
- DNS ASK to###kto.com
- '%TEMP%\is-11vpr.tmp\<File name>.tmp' /SL5="$90210,5095777,58368,<Full path to file>"
- '%TEMP%\is-1n921.tmp\qmjjoywug.exe' -P lduU "gFqrYytAsNER.zip"
- '%TEMP%\is-1n921.tmp\oxgqhbdeabphej.exe' 46b7689be95ea70a9e3b3008cea1424b
- '%TEMP%\is-1n921.tmp\qmjjoywug.exe' -P lduU "gFqrYytAsNER.zip" (with hidden window)