Technical Information
- '%TEMP%\nsw3.tmp\ns6.tmp' net stop Lace514
- '%TEMP%\nsw3.tmp\ns5.tmp' sc stop OtherSearch
- '%TEMP%\nsw3.tmp\ns4.tmp' sc.exe query
- '<SYSTEM32>\net.exe' stop Lace514
- '<SYSTEM32>\net1.exe' stop Lace514
- '<SYSTEM32>\sc.exe' query
- '<SYSTEM32>\sc.exe' stop OtherSearch
- iexplore.exe
- opera.exe
- firefox.exe
- chrome.exe
- C:\END
- %TEMP%\nsg2.tmp
- %TEMP%\nsw3.tmp\ns5.tmp
- %TEMP%\nsw3.tmp\ns4.tmp
- 'www.cl###radds.com':80
- http://www.cl###radds.com/ext/
- DNS ASK www.cl###radds.com