Technical Information
- '%TEMP%\rtnzqs.exe'
- '%TEMP%\gigfwc.exe'
- '%TEMP%\ikvnnz.exe'
- '%TEMP%\gigfwc.exe' (downloaded from the Internet)
- '%TEMP%\ikvnnz.exe' (downloaded from the Internet)
- '%TEMP%\rtnzqs.exe' (downloaded from the Internet)
- %TEMP%\rtnzqs.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\gigfwc[1].exe
- %TEMP%\gigfwc.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ikvnnz[1].exe
- %TEMP%\ikvnnz.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\rtnzqs[1].exe
- 'pi###stx.com':80
- pi###stx.com/nvber/gigfwc.exe
- pi###stx.com/nvber/rtnzqs.exe
- pi###stx.com/nvber/ikvnnz.exe
- DNS ASK pi###stx.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'