Technical Information
- '%TEMP%\IdZroGzeve.exe' (downloaded from the Internet)
- '%TEMP%\SOveCzQHEHWCgYlF4rVR.exe' (downloaded from the Internet)
- '%TEMP%\IdZroGzeve.exe' 57a764d042bf8
- '%TEMP%\SOveCzQHEHWCgYlF4rVR.exe'
- %TEMP%\IdZroGzeve.exe
- %TEMP%\SOveCzQHEHWCgYlF4rVR.exe
- 'ni###atioto.com':80
- 'wp#d':80
- http://ni###atioto.com/get/3/wizzcaster_v2.exe
- http://ni###atioto.com/get/4/remote.exe
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ni###atioto.com
- DNS ASK wp#d