Technical Information
- '%WINDIR%\Temp\_ex-08.exe'
- '%WINDIR%\Temp\_ex-68.exe'
- '%WINDIR%\Temp\_ex-08.exe' (downloaded from the Internet)
- '%WINDIR%\Temp\_ex-68.exe' (downloaded from the Internet)
- %WINDIR%\Temp\_ex-08.exe
- %WINDIR%\Temp\_ex-68.exe
- 'ga##uol.in':80
- 'xi##rca.in':80
- http://ga##uol.in/notepad.exe
- http://xi##rca.in/veresk1.exe
- DNS ASK ga##uol.in
- DNS ASK xi##rca.in