Technical Information
- <SYSTEM32>\moneset85.exe (downloaded from the Internet)
- <SYSTEM32>\monerst85.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\riitqpF[1].EXE
- <SYSTEM32>\moneset85.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\atxmmppi[1].exe
- <SYSTEM32>\monerst85.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\riitqpF[1].EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\atxmmppi[1].exe
- 'wi##ar.net':80
- 'th####netbar.com':80
- 'localhost':1035
- wi##ar.net/ilcd1/dncheck.php?ch##############
- th####netbar.com/cccost/riitqpF.EXE
- th####netbar.com/cccost/atxmmppi.exe
- DNS ASK wi##ar.net
- DNS ASK th####netbar.com