Technical Information
- %ALLUSERSPROFILE%\Application Data\gwr\wsav.exe (downloaded from the Internet)
- %TEMP%\nsh2.tmp\NSISdl.dll
- %ALLUSERSPROFILE%\Application Data\gwr\wsav.exe
- %TEMP%\nsh2.tmp\exdll.dll
- <DRIVERS>\etc\h1
- %TEMP%\nsh2.tmp\UAC.dll
- <DRIVERS>\etc\hosts
- 'zp##.##een-av-pro.com':80
- zp##.##een-av-pro.com/P4AE4B40F4E24AB1018CF0/wsav.ttt
- DNS ASK zp##.##een-av-pro.com
- '<Private IP address>':1035