Technical Information
- C:\winsys\BROWN.exe (downloaded from the Internet)
- C:\winsys\wmita.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\wmita[1].exe
- C:\winsys\wsan.exe
- C:\winsys\wmita.exe
- C:\winsys\BROWN.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\BROWN[1].exe
- C:\winsys\wmi.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\wmi[1].dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wmsan[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\wsan[1].exe
- C:\winsys\wmsan.exe
- 's3.###zonaws.com':80
- 'localhost':1035
- s3.###zonaws.com/marinho/wmita.exe
- s3.###zonaws.com/marinho/BROWN.exe
- s3.###zonaws.com/marinho/wsan.exe
- s3.###zonaws.com/marinho/wmi.dll
- s3.###zonaws.com/marinho/wmsan.exe
- DNS ASK s3.###zonaws.com
- '<Private IP address>':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''