They use the Security Shield rogue.
Some crap with PECompact 2
Infection dropped into
C:\Documents and Settings\(user)\Local Settings\Application Data
Anti-VM/sandbox, usual stuff.
The following IPs were identified.
The distribution system also seems to have links with a Bitcoin mining botnet.
Edit 09 Sep: Domain changed:
Statistics temporarily disabled: