Technical Information
- '' (downloaded from the Internet)
- %TEMP%\nsy2.tmp
- %TEMP%\nst3.tmp\nsCommands3.dll
- %APPDATA%\temp\V3Lit9_SM.exe
- %TEMP%\nst3.tmp\nsCmds2.dll
- %TEMP%\nst3.tmp\nsCmds2.dll
- %TEMP%\nst3.tmp\nsCommands3.dll
- <Full path to file>
- 'm.####ngicon.net':80
- http://m.####ngicon.net/fdwn/V3Lit9_SM.exe
- DNS ASK m.####ngicon.net
- '%APPDATA%\temp\V3Lit9_SM.exe'
- '<SYSTEM32>\cmd.exe' /c del <Full path to file>