Technical Information
- %TEMP%\nsaeb33.tmp
- %TEMP%\guqf296\xppid.exe
- %TEMP%\guqf296\we.dat
- %TEMP%\guqf296\vh.dat
- %TEMP%\guqf296\en.dat
- %TEMP%\nsfeba1.tmp\nsisdl.dll
- %TEMP%\nsfeba1.tmp\dcryptdll.dll
- %TEMP%\guqf296\we.exe
- %TEMP%\guqf296\vh.exe
- %TEMP%\guqf296\en.exe
- %TEMP%\guqf296\we.dat
- %TEMP%\guqf296\vh.dat
- %TEMP%\guqf296\en.dat
- %TEMP%\guqf296\we.exe
- %TEMP%\guqf296\vh.exe
- %TEMP%\nsfeba1.tmp\dcryptdll.dll
- %TEMP%\nsfeba1.tmp\nsisdl.dll
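- http://x2#.####0520.wrs.mcboo.com/retadpu.exe
- http://zi#f.pl/cr/load.exe?i=##
- DNS ASK (DNS query) ad###.#averevenue.com
- DNS ASK (DNS query) x2#.####0520.wrs.mcboo.com
- DNS ASK (DNS query) zi#f.pl
- Note: "#" is not a valid character in a host name, so the "#" characters in the addresses above appear to be masked characters rather than literal parts of the indicators; these entries cannot be matched verbatim against logs.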
- '%TEMP%\guqf296\xppid.exe'
- '%TEMP%\guqf296\we.exe'
- '%TEMP%\guqf296\en.exe'