Technical Information
- '%APPDATA%\vindowss.exe'
- '' (downloaded from the Internet)
- %APPDATA%\vindowss.txt
- from %APPDATA%\vindowss.txt to %APPDATA%\vindowss.exe
- 'ci####irizmir.net':80
- http://ci####irizmir.net/bot/vindowss.exe
- DNS ASK ci####irizmir.net
- ClassName: 'MS_WINHELP' WindowName: ''