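Technical Information
Note: the category headings of this report appear to be missing. The entries below are, in order: file-system paths (some listed more than once, presumably under different actions such as creation and deletion), network endpoints and requests, window class/name lookups, and launched command lines. The host name is partially masked with '#', so it cannot be used as an indicator as written.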
- %TEMP%\nsr2.tmp
- %TEMP%\7za.exe
- %TEMP%\a1.7z
- %TEMP%\a2.7z
- %TEMP%\nsp3.tmp\ExecDos.dll
- %TEMP%\wiretest.exe
- %TEMP%\nsr5.tmp
- <SYSTEM32>\ieframe.dll
- %TEMP%\tmpurl.txt
- %TEMP%\setupv.exe
- %TEMP%\RGI7.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\loud[1].html
- %TEMP%\nsp3.tmp\ExecDos.dll
- %TEMP%\RGI7.tmp
- %TEMP%\tmpurl.txt
- 'localhost':1038
- 'sh####melive.com':80
- http://www.sh####melive.com/loud.html via sh####melive.com
- DNS ASK www.sh####melive.com
- ClassName: 'Button' WindowName: 'OK'
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: 'File Download - Security Warning'
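- '%TEMP%\7za.exe' x %TEMP%\a2.7z -aoa -o%HOMEPATH%\Local Settings\Temp -pmilfsex
- '%TEMP%\7za.exe' x %TEMP%\a1.7z -aoa -o%HOMEPATH%\Local Settings\Temp -pmilfsex
  (7-Zip switches: x = extract with full paths, -aoa = overwrite existing files without prompting, -o = output directory, -p = archive password. Both archives are password-protected, which can prevent content inspection by tools that are not given the password.)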
- '%TEMP%\wiretest.exe'
- '%TEMP%\setupv.exe'