Technical Information
Modifies file system
Creates the following files
- %TEMP%\is-ptm5s.tmp\<File name>.tmp
- %TEMP%\is-2jc21.tmp\_isetup\_setup64.tmp
- %TEMP%\is-2jc21.tmp\idp.dll
- %TEMP%\is-2jc21.tmp\rk_setup.exe
Network activity
Connects to
- 'dp#.###urestudies.com':80
- 'dp#.###urestudies.com':443
- 'oc##.###tg2.amazontrust.com':80
- 'oc##.####ca1.amazontrust.com':80
- 'cr#.####ca1.amazontrust.com':80
- 'oc##.###04.amazontrust.com':80
TCP
HTTP GET requests
- http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b0##############
- http://oc##.###tg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
- http://cr#.####ca1.amazontrust.com/rootca1.crl
- http://oc##.###04.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTihuFvpmFDw5hOcIp918Jm5B3CQgQUH1KSYVaCVH%2BBZtgdPQqqMlyH3QgCEASyzqvKZx63Kwg54MDBAZg%3D
- http://dp#.###urestudies.com/packages/ir/rk_setup.exe
Other
- 'dp#.###urestudies.com':443
UDP
- DNS ASK dp#.###urestudies.com
- DNS ASK oc##.###tg2.amazontrust.com
- DNS ASK oc##.####ca1.amazontrust.com
- DNS ASK cr#.####ca1.amazontrust.com
- DNS ASK oc##.###04.amazontrust.com
Miscellaneous
Creates and executes the following
- '%TEMP%\is-ptm5s.tmp\<File name>.tmp' /SL5="$B029A,6952541,845824,<Full path to file>"
