Technical Information
- '%WINDIR%\Temp\_ex-08.exe'
- '%WINDIR%\Temp\_ex-68.exe'
- '%WINDIR%\Temp\_ex-08.exe' (downloaded from the Internet)
- '%WINDIR%\Temp\_ex-68.exe' (downloaded from the Internet)
- %WINDIR%\Temp\_ex-08.exe
- %WINDIR%\Temp\_ex-68.exe
- 'xa##ton.in':80
- 'lo##eut.in':80
- http://xa##ton.in/notepad.exe
- http://lo##eut.in/veresk1.exe
- DNS ASK xa##ton.in
- DNS ASK lo##eut.in