Technical Information
- '%TEMP%\nsjFF36.tmp\ns8181.tmp' CMD.EXE /c INSTALL.exe
- '%TEMP%\INSTALL.exe'
- '%TEMP%\nsjFF36.tmp\ns7E26.tmp' CMD.EXE /c copy /y "%TEMP%\INSTALL.CAB" *.exe
- '%TEMP%\nsoFA75.tmp\nsFBEC.tmp' %TEMP%\load.exe
- '%TEMP%\load.exe'
- '%TEMP%\INSTALL.exe' (downloaded from the Internet)
- %TEMP%\nsjFF36.tmp\nsExec.dll
- %TEMP%\INSTALL.CAB
- %TEMP%\nsjFF36.tmp\ns7E26.tmp
- %TEMP%\nsjFF36.tmp\ns8181.tmp
- %TEMP%\INSTALL.exe
- %TEMP%\nsjFF36.tmp\nsisdl.dll
- %TEMP%\load.exe
- %TEMP%\nsoFA75.tmp\System.dll
- %TEMP%\nsoFA75.tmp\nsExec.dll
- %TEMP%\nsjFF36.tmp\System.dll
- %TEMP%\nsoFA75.tmp\nsFBEC.tmp
- %TEMP%\nsoFA75.tmp\nsFBEC.tmp
- %TEMP%\nsjFF36.tmp\System.dll
- %TEMP%\nsoFA75.tmp\System.dll
- %TEMP%\nsoFA75.tmp\nsExec.dll
- %TEMP%\nsjFF36.tmp\nsisdl.dll
- %TEMP%\nsjFF36.tmp\ns8181.tmp
- %TEMP%\nsjFF36.tmp\ns7E26.tmp
- %TEMP%\nsjFF36.tmp\nsExec.dll
- %TEMP%\INSTALL.CAB
- '0.#.0.1':80
- 'ge#####loadsfile.com':80
- ge#####loadsfile.com/file/new1.cab
- DNS ASK ge#####loadsfile.com
- ClassName: 'SysListView32' WindowName: '(null)'
- ClassName: '#32770' WindowName: '(null)'