Technical Information
- "%TEMP%\kjghsad.exe" (downloaded from the Internet)
- "%TEMP%\kghjdfg.exe" (downloaded from the Internet)
- "%TEMP%\rterrd.exe" (downloaded from the Internet)
- "%TEMP%\gdfstr.exe" (downloaded from the Internet)
- %TEMP%\kjghsad.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\ex[1].php
- %TEMP%\kghjdfg.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\ex[1].php
- %TEMP%\rterrd.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\ex[1].php
- %TEMP%\gdfstr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\ex[1].php
- 'as####ornfantasy.in':80
- as####ornfantasy.in/dl/ex.php?2
- as####ornfantasy.in/dl/ex.php?3
- as####ornfantasy.in/dl/ex.php?0
- as####ornfantasy.in/dl/ex.php?1
- DNS ASK as####ornfantasy.in
- '<Private IP address>':1033