Technical Information
- %TEMP%\is-elago.tmp\<File name>.tmp
- %TEMP%\is-vl8d1.tmp\hpgeq.exe
- %TEMP%\is-vl8d1.tmp\jlmw.zip
- %TEMP%\is-vl8d1.tmp\hli.exe
- 's1.#wnls.ws':80
- http://ap###acion.top/v2/events
- DNS ASK ap###acion.top
- DNS ASK s1.#wnls.ws
- '%TEMP%\is-elago.tmp\<File name>.tmp' /SL5="$45013E,2406298,58368,<Full path to file>"
- '%TEMP%\is-vl8d1.tmp\hpgeq.exe' -P Ypj "JlMW.zip"
- '%TEMP%\is-vl8d1.tmp\hli.exe' beff19648a2c11f60732322a640e5847
- '%TEMP%\is-vl8d1.tmp\hpgeq.exe' -P Ypj "JlMW.zip" (with hidden window)