Technical Information
- "%TEMP%\smarts32.exe" (downloaded from the Internet)
- "%TEMP%\stmhosts.exe" (downloaded from the Internet)
- "%TEMP%\stmhste.exe" (downloaded from the Internet)
- %TEMP%\stmhosts.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\getloader[1].php
- %TEMP%\smarts32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\winsock[1].exe
- %TEMP%\~g7632.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\in[1]
- %TEMP%\stmhste.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\dl[1].php
- %TEMP%\~g7632.tmp
- '20#.#2.108.213':80
- 'www.ho#.ee':80
- 'xt###oad.net':80
- 'localhost':1035
- '79.##5.181.138':80
- 20#.#2.108.213/getloader.php?id###
- www.ho#.ee/jarik/winsock.exe
- 79.##5.181.138/cgi-bin/in.cgi?l=###
- xt###oad.net/dl.php?ai########
- DNS ASK www.ho#.ee
- DNS ASK xt###oad.net