Technical Information
Modifies file system
Creates the following files
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\css[2].txt
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\icon18_edit_allbkg[1].gif
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\in[1].js
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\widgets[1].js
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\authorization[1].css
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\warning[1]
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\error[1]
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\error[1]
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\www6_jqueryapi_info[1].htm
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\w8gdh283tvk__lua32tysjifp8ul[1].eot
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\mem8yags126mizpba-ufvz0f[1].eot
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\2sdczg1wl4lcnbucjw8zagw9[1].eot
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\3597120983-css_bundle_v2[1].css
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\3399642339-ieretrofit[1].js
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\jquery.min[1].js
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\css[1].txt
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\zarb-e-azb-blog2-660x330[1].jpg
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\x1121168_30437298.jpg.pagespeed.ic.fkkduvy6b3[1].jpg
Deletes the following files
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\authorization[1].css
Network activity
Connects to
- 'fa###ook.com':443
- 'st####.buffer.com':443
- 'da###motion.com':139
TCP
HTTP GET requests
- http://fo###.#oogleapis.com/css?fa###############
- http://fo###.#oogleapis.com/css?fa#########################################
- http://aj##.#oogleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
- http://fo###.gstatic.com/s/oxygen/v8/2sDcZG1Wl4LcnbuCJW8zaGW9.eot
- http://fo###.gstatic.com/s/opensans/v16/mem8YaGs126MiZpBA-UFVZ0f.eot
- http://fo###.gstatic.com/s/varelaround/v11/w8gdH283Tvk__Lua32TysjIfp8uL.eot
- http://jq###yapi.info/?ge########################################################
- http://ww##.#queryapi.info/?&k################################################################################################################
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- http://www.fa###ook.com/plugins/like.php?hr######################################################################################################################################################...
- http://pl#####m.twitter.com/widgets.js
- http://pl#####m.linkedin.com/in.js
- http://st####.bufferapp.com/js/button.js
- http://im##.#logblog.com/img/icon18_edit_allbkg.gif
UDP
- DNS ASK bl##ger.com
- DNS ASK 3.##.#logspot.com
- DNS ASK st####.bufferapp.com
- DNS ASK da###motion.com
- DNS ASK pl#####m.linkedin.com
- DNS ASK apis.google.com
- DNS ASK fa###ook.com
- DNS ASK pl#####m.twitter.com
- DNS ASK public-trust.com
- DNS ASK co#####.facebook.net
- DNS ASK oc##.thawte.com
- DNS ASK go.##clasrv.com
- DNS ASK s7.##dthis.com
- DNS ASK ww##.#queryapi.info
- DNS ASK go###edrive.com
- DNS ASK jq###yapi.info
- DNS ASK fo###.gstatic.com
- DNS ASK ma####.bootstrapcdn.com
- DNS ASK aj##.#oogleapis.com
- DNS ASK fo###.#oogleapis.com
- DNS ASK im##.#logblog.com
- DNS ASK st####.buffer.com
Miscellaneous
Searches for the following windows
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''