Technical Information
- '%TEMP%\UPDTLIST.EXE'
- '%TEMP%\UPDTLIST.EXE' (downloaded from the Internet)
- %TEMP%\~GLH0001.TMP
- C:\~GLHTTP1.TMP
- %TEMP%\~GLH0002.TMP
- %TEMP%\GLC1.tmp
- %TEMP%\GLM2.tmp
- %TEMP%\~GLH0000.TMP
- %TEMP%\GLF4.tmp
- %TEMP%\GLC1.tmp
- C:\~GLHTTP1.TMP
- %TEMP%\GLM2.tmp
- from %TEMP%\~GLH0002.TMP to %TEMP%\UPDTLIST.EXE
- from %TEMP%\~GLH0001.TMP to %TEMP%\picon.dll
- from %TEMP%\~GLH0000.TMP to %TEMP%\GLF4.tmp
- 'www.al###ade.com':80
- www.al###ade.com/spy/action.php?na###########
- www.al###ade.com/bce/UPDTLIST.EXE
- DNS ASK www.al###ade.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'