Technical Information
- %TEMP%\<File name>_002476.log
- %TEMP%\htmlayout.dll
- %APPDATA%\ipumper\config.xml
- %TEMP%\tmp4a79.exe
- %TEMP%\nst4e32.tmp\system.dll
- %TEMP%\nst4e32.tmp\inetc.dll
- %TEMP%\tmp5558.exe
- %TEMP%\nst4e32.tmp\inetc.dll
- %TEMP%\nst4e32.tmp\system.dll
- http://www.an#####downloader.com/api/cc
- http://www.an#####downloader.com/api/keywordexecute/511c5089cead11eaa33d263f5efd5a03/14600001/knwqjbhh
- http://www.an#####downloader.com/api/firstscreenshown/511c5089cead11eaa33d263f5efd5a03/14600001
- DNS ASK an#####downloader.com
- DNS ASK is######e.conduit-data.com
- DNS ASK am#####zeinstaller.com
- '%TEMP%\tmp4a79.exe' –ctid=CT3282330
- '%TEMP%\tmp5558.exe' /s /t /i Yontoo9