Technical Information
- %TEMP%\e0dc.tmp
- %TEMP%\e226.tmp
- %TEMP%\e256.tmp
- %TEMP%\e2a5.tmp
- %TEMP%\e7b4.tmp
- %TEMP%\e7e4.tmp
- %TEMP%\e8df.tmp
- %TEMP%\e9ca.tmp
- %TEMP%\ea28.tmp
- %TEMP%\eaa8.tmp
- %TEMP%\eb08.tmp
- %TEMP%\eb38.tmp
- %TEMP%\eb77.tmp
- 'ox###e22.top':80
- http://ox###e22.top/gate.php
- DNS ASK ox###e22.top
- DNS ASK os###e02.top
- '%WINDIR%\syswow64\cmd.exe' /c timeout -t 3 && del "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout -t 3 && del "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' -t 3