Technical Information
- %TEMP%\is-25alo.tmp\<File name>.tmp
- %TEMP%\is-oimjd.tmp\kebbawmduk.exe
- %TEMP%\is-oimjd.tmp\mflupggmiot.zip
- %TEMP%\is-oimjd.tmp\bbhorm.exe
- 's1.#wnls.ws':80
- http://ar####igration.com/v2/events
- DNS ASK ar####igration.com
- DNS ASK s1.#wnls.ws
- '%TEMP%\is-25alo.tmp\<File name>.tmp' /SL5="$500AC,5234844,58368,<Full path to file>"
- '%TEMP%\is-oimjd.tmp\kebbawmduk.exe' -P wGMS "MfLuPggMIOT.zip"
- '%TEMP%\is-oimjd.tmp\bbhorm.exe' 8c49676638f03022f0a90fe2e15e2098
- '%TEMP%\is-oimjd.tmp\kebbawmduk.exe' -P wGMS "MfLuPggMIOT.zip" (with hidden window)