Technical Information
- '%ALLUSERSPROFILE%\Application Data\iwdefender.exe'
- %ALLUSERSPROFILE%\Desktop\Internet Security PRO.lnk
- %ALLUSERSPROFILE%\Application Data\iwdefender
- from %ALLUSERSPROFILE%\Application Data\iwdefender to %ALLUSERSPROFILE%\Application Data\iwdefender.exe
- from <Full path to virus> to %TEMP%\2.tmp
- 'ci###myn.com':80
- 'tw###cam.net':80
- tw###cam.net/images/s.php?id###
- DNS ASK ci###myn.com
- DNS ASK tw###cam.net