Technical Information
- %ALLUSERSPROFILE%\Application Data\wintals.exe (downloaded from the Internet)
- %ALLUSERSPROFILE%\Application Data\winmoto.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wina[1].pr
- %ALLUSERSPROFILE%\Application Data\wintals.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\winmoto[1].pr
- %ALLUSERSPROFILE%\Application Data\winmoto.exe
- 'vi####eb.qipim.ru':80
- vi####eb.qipim.ru/wina.pr
- vi####eb.qipim.ru/winmoto.pr
- DNS ASK vi####eb.qipim.ru
- '<Private IP address>':1035