Technical Information
- '%TEMP%\nse2.tmp\ns4.tmp' <SYSTEM32>\cmd.exe /C Sc delete AdobeFlashPlayerHash>>install.log
- '<SYSTEM32>\cmd.exe' /C Sc delete AdobeFlashPlayerHash>>install.log
- '<SYSTEM32>\sc.exe' delete AdobeFlashPlayerHash
- '<SYSTEM32>\net1.exe' stop AdobeFlashPlayerHash
- '%TEMP%\nse2.tmp\ns3.tmp' <SYSTEM32>\cmd.exe /C net stop AdobeFlashPlayerHash>install.log
- '<SYSTEM32>\cmd.exe' /C net stop AdobeFlashPlayerHash>install.log
- '<SYSTEM32>\net.exe' stop AdobeFlashPlayerHash
- %TEMP%\nse2.tmp\nsExec.dll
- %TEMP%\nse2.tmp\ns3.tmp
- %TEMP%\nse2.tmp\ns4.tmp
- <SYSTEM32>\HS\parameters.ini
- <SYSTEM32>\HS\iQyGqONRP.exe
- %TEMP%\nse2.tmp\nsisdl.dll
- %TEMP%\nse2.tmp\ns3.tmp
- 'ha####remload.ru':80
- http://ha####remload.ru/pocket/HS_Svc.exe
- DNS ASK ha####remload.ru