Technical Information
- <SYSTEM32>\wmonfiis.exe (downloaded from the Internet)
- <SYSTEM32>\wmonjur.exe (downloaded from the Internet)
- <SYSTEM32>\wmonplu.exe (downloaded from the Internet)
- <SYSTEM32>\wmonjur.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wmonfiis[1].jpg
- <SYSTEM32>\wmonfiis.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wmonjur[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\wmonplu[1].jpg
- <SYSTEM32>\wmonplu.exe
- %TEMP%\~DFA078.tmp
- 'co#####etavares.com.br':80
- 'localhost':1035
- co#####etavares.com.br/wmonfiis.jpg
- co#####etavares.com.br/wmonjur.jpg
- co#####etavares.com.br/wmonplu.jpg
- DNS ASK co#####etavares.com.br
- '<Private IP address>':1036