Technical Information
- '%TEMP%\Zango\messenger\INSTAL~1.EXE' (downloaded from the Internet)
- '%TEMP%\Zango\messenger\BIDULA~1.EXE' (downloaded from the Internet)
- %TEMP%\Zango\messenger\~GLH0000.TMP
- %TEMP%\Zango\messenger\~GLH0001.TMP
- %TEMP%\GLC1.tmp
- %TEMP%\GLM2.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\GLM2.tmp
- from %TEMP%\Zango\messenger\~GLH0001.TMP to %TEMP%\Zango\messenger\InstallerShell.exe
- from %TEMP%\Zango\messenger\~GLH0000.TMP to %TEMP%\Zango\messenger\Bidulator.exe
- 'do####ads.zango.com':80
- do####ads.zango.com/ZangoApps/InstallFiles/Messenger/DPA0001/InstallerShell.exe
- do####ads.zango.com/ZangoApps/InstallFiles/Messenger/DPA0001/Bidulator.exe
- DNS ASK do####ads.zango.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'