Technical Information
Modifies file system:
Creates the following files:
- %TEMP%\is-LC3RL.tmp\<File name>.tmp
- %TEMP%\is-1FO4B.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-1FO4B.tmp\itdownload.dll
- %TEMP%\is-1FO4B.tmp\InvertDll.dll
- %TEMP%\is-1FO4B.tmp\rkverify.exe
- %TEMP%\is-1FO4B.tmp\rkinstaller.exe
Network activity:
Connects to:
- 'so###ion.com':80
TCP:
HTTP GET requests:
- http://www.so###ion.com/step3.exe via so###ion.com
- http://www.so###ion.com/step4.exe via so###ion.com
UDP:
- DNS ASK www.so###ion.com
Miscellaneous:
Creates and executes the following:
- '%TEMP%\is-LC3RL.tmp\<File name>.tmp' /SL5="$30092,6012591,119296,<Full path to file>"
