Technical Information
- <Current directory>\libexdui.dll
- <Current directory>\libexdui.dll
- from <Current directory>\libexdui.dll to %TEMP%\1177058\....\temporaryfile
- 'ti##.soeen.com':80
- http://20##.ip138.com/
- http://www.ba##u.com/
- http://ti##.soeen.com/Soeen/Strawberrynew.asp
- DNS ASK ba##u.com
- DNS ASK 20##.ip138.com
- DNS ASK ti##.soeen.com
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul