Technical Information
- <SYSTEM32>\santito.exe
- <SYSTEM32>\outeroca.exe
- <SYSTEM32>\visual.exe
- <SYSTEM32>\outeroca.exe (downloaded from the Internet)
- <SYSTEM32>\visual.exe (downloaded from the Internet)
- <SYSTEM32>\santito.exe (downloaded from the Internet)
- %WINDIR%\explorer.exe
- <SYSTEM32>\santito.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\outeroca[1].exe
- <SYSTEM32>\outeroca.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\santito[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\visual[1].exe
- <SYSTEM32>\visual.exe
- 'dl.##opbox.com':80
- 'localhost':1036
- dl.##opbox.com/u/26679418/edjovem/outeroca.exe
- dl.##opbox.com/u/26679418/edjovem/benevolo.exe
- dl.##opbox.com/u/26679418/edjovem/visual.exe
- dl.##opbox.com/u/26679418/edjovem/santito.exe
- DNS ASK dl.##opbox.com
- '<Private IP address>':1037
- ClassName: '' WindowName: 'GINA Logon'
- ClassName: '' WindowName: ''