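Technical Information
Note: the section labels for this list appear to have been lost; the entries read as files created, network activity, windows searched for, and processes launched. The `is-xxxxx.tmp` directory names follow the Inno Setup temporary-directory pattern and are generated per run, and the host names are partially masked with `#`, so neither is suitable as an exact-match indicator. Match on the stable parts instead: the file names, the URL paths and the rundll32 export name.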
- %TEMP%\is-aate4.tmp\<File name>.tmp
- %TEMP%\is-ver3k.tmp\_isetup\_setup64.tmp
- %TEMP%\is-ver3k.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-ver3k.tmp\itdownload.dll
- %TEMP%\is-ver3k.tmp\rkverify.exe
- %TEMP%\is-ver3k.tmp\rkinstaller.exe
- %TEMP%\is-ver3k.tmp\ocsetuphlp.dll
- 'po##.##curestudies.com':80
- http://po##.##curestudies.com/packages/VR/PackageV.exe
- http://po##.##curestudies.com/packages/IR/PackageI2.exe
- DNS ASK po##.##curestudies.com
- DNS ASK ap#.##encandy.com
- ClassName: '2BE818D80A274C2F828CC5BEDFCF0688' WindowName: ''
- ClassName: '995D92B2-4ED9-43A7-9338-8CC7D1746F96' WindowName: ''
- '%TEMP%\is-aate4.tmp\<File name>.tmp' /SL5="$A0214,11326924,56832,<Full path to file>"
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\is-VER3K.tmp\OCSetupHlp.dll",_OCPID905OpenCandy2@16 2344,2BE818D80A274C2F828CC5BEDFCF0688,164D611EF48F422BA8AF31713C955200,A1DC422C4B764D01AEF9D5C614B5CD2E (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%TEMP%\is-VER3K.tmp\OCSetupHlp.dll",_OCPID905OpenCandy2@16 2344,2BE818D80A274C2F828CC5BEDFCF0688,164D611EF48F422BA8AF31713C955200,A1DC422C4B764D01AEF9D5C614B5CD2E