Technical Information
- rundii32.exe
- %TEMP%\ixp000.tmp\rundii32.exe
- %TEMP%\ixp000.tmp\bounceoutinstall.exe
- %TEMP%\php5984.tmp
- %TEMP%\php59d3.tmp
- %TEMP%\php59d4.tmp
- %TEMP%\ixp001.tmp\rundii32.exe
- %TEMP%\ixp001.tmp\bounceoutinstall.exe
- %TEMP%\php6170.tmp
- %TEMP%\php61b0.tmp
- %TEMP%\php61e0.tmp
- %TEMP%\glb62b8.tmp
- %TEMP%\glc6650.tmp
- %TEMP%\glk6671.tmp
- %TEMP%\glg7255.tmp
- %TEMP%\~glh0000.tmp
- %TEMP%\~glh0001.tmp
- from %TEMP%\~glh0000.tmp to %TEMP%\glf7275.tmp
- from %TEMP%\~glh0001.tmp to %TEMP%\glf73fc.tmp
- 'vc##ats.com':80
- http://vc##ats.com/url.php
- DNS ASK vc##ats.com
- '%TEMP%\ixp000.tmp\rundii32.exe'
- '%TEMP%\ixp000.tmp\bounceoutinstall.exe'
- '%TEMP%\ixp001.tmp\rundii32.exe'
- '%TEMP%\ixp001.tmp\bounceoutinstall.exe'
- '%TEMP%\glb62b8.tmp' 4736 %TEMP%\IXP001.TMP\BOUNCE~1.EXE