Technical Information
- %TEMP%\is-esjr9.tmp\<File name>.tmp
- %TEMP%\is-2fp09.tmp\_isetup\_setup64.tmp
- %TEMP%\is-2fp09.tmp\idp.dll
- %TEMP%\is-2fp09.tmp\itdownload.dll
- %TEMP%\is-2fp09.tmp\psvince.dll
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020022520200226\index.dat
- http://do##.##tchcraftcash.com/afu.php?zo##################
- http://lo####.exelator.com/load/?p=######################################################
- http://do##.##tchcraftcash.com/favicon.ico
- http://cr#.#odaddy.com/gdig2s1-1117.crl
- DNS ASK th####dcaster.com
- DNS ASK do##.##tchcraftcash.com
- DNS ASK lo####.exelator.com
- DNS ASK my.##mark.net
- DNS ASK cr#.#odaddy.com
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%TEMP%\is-esjr9.tmp\<File name>.tmp' /SL5="$90238,641384,57344,<Full path to file>"