Technical Information
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe' http://do##.###up-down.com:8080/alltj.html?up####
- %TEMP%\nst99c2.tmp
- %TEMP%\nsj99d3.tmp\inetload.dll
- %TEMP%\nsj99d3.tmp\system.dll
- %TEMP%\temp.ini
- %TEMP%\uninst.exe
- %TEMP%\nswa079.tmp
- %TEMP%\~nsu.tmp\au_.exe
- %TEMP%\nsxa29c.tmp
- %TEMP%\nsj99d3.tmp\inetload.dll
- %TEMP%\nsj99d3.tmp\system.dll
- %TEMP%\uninst.exe
- %TEMP%\temp.ini
- DNS ASK dd##.#etup-down.com
- DNS ASK do##.#etup-down.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'Static' WindowName: ''
- '%TEMP%\uninst.exe'
- '%TEMP%\~nsu.tmp\au_.exe' _?=%TEMP%\
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe' http://do##.###up-down.com:8080/alltj.html?up####' (with hidden window)