Technical Information
- %TEMP%\virus.exe
- %TEMP%\AimBoot.exe
- %TEMP%\virus.exe (downloaded from the Internet)
- %TEMP%\virus.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Dragon%20Crypter[1].exe
- %TEMP%\AimBoot.exe
- <Full path to virus>
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Dragon%20Crypter[1].exe
- 'r0###.brazi.us':80
- r0###.brazi.us/r00t/Dragon%20Crypter.exe
- DNS ASK r0###.brazi.us