Technical Information
- %TEMP%\~nsu.tmp\Au_.exe _?=%TEMP%\
- %TEMP%\uninst.exe
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://tj.######.setup-down.com:8080/alltj.html?up####
- %TEMP%\nsq5.tmp
- %TEMP%\uninst.exe
- %TEMP%\nsx7.tmp
- %TEMP%\~nsu.tmp\Au_.exe
- %TEMP%\nsc3.tmp\InetLoad.dll
- %TEMP%\nsw2.tmp
- %TEMP%\temp.ini
- %TEMP%\nsc3.tmp\System.dll
- %TEMP%\uninst.exe
- %TEMP%\temp.ini
- %TEMP%\nsc3.tmp\InetLoad.dll
- %TEMP%\nsc3.tmp\System.dll
- 'tj.#####r.setup-down.com':8080
- 'localhost':1038
- 'dd##.###up.setup-down.com':8080
- DNS ASK tj.#####r.setup-down.com
- DNS ASK dd##.###up.setup-down.com
- '<Private IP address>':1035
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''