Technical Information
- "%TEMP%\kjghsad.exe" (downloaded from the Internet)
- "%TEMP%\gdfstr.exe" (downloaded from the Internet)
- "%TEMP%\rterrd.exe" (downloaded from the Internet)
- %TEMP%\gdfstr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\id2[1].php
- %TEMP%\kjghsad.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\id[1].php
- %TEMP%\rterrd.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\id1[1].php
- 'ex###b10.com':80
- ex###b10.com/id2.php
- ex###b10.com/id1.php
- ex###b10.com/id.php
- DNS ASK ex###b10.com