Technical Information
Modifies file system
Creates the following files
- %TEMP%\is-u5tpg.tmp\<File name>.tmp
- %TEMP%\is-4tub9.tmp\_isetup\_regdll.tmp
- %TEMP%\is-4tub9.tmp\_isetup\_setup64.tmp
- %TEMP%\is-4tub9.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-4tub9.tmp\setupg.exe
Moves the following files
- from %TEMP%\is-4tub9.tmp\setupg.exe to %TEMP%\is-4tub9.tmp\75801194.exe
Network activity
Connects to
- 'ws##123.cc':80
- 'xi###ingdou.com':80
UDP
- DNS ASK 12##.ip138.com
- DNS ASK ws##123.cc
- DNS ASK xi###ingdou.com
Miscellaneous
Creates and executes the following
- '%TEMP%\is-u5tpg.tmp\<File name>.tmp' /SL5="$1401FE,533805,54272,<Full path to file>"
- '%TEMP%\is-4tub9.tmp\75801194.exe' /UID:51495
