Technical Information
- '%WINDIR%\Temp\_ex-08.exe'
- '%WINDIR%\Temp\_ex-68.exe'
- '%WINDIR%\Temp\_ex-08.exe' (downloaded from the Internet)
- '%WINDIR%\Temp\_ex-68.exe' (downloaded from the Internet)
- %WINDIR%\Temp\_ex-08.exe
- %WINDIR%\Temp\_ex-68.exe
- 'ae###swzl.ce.ms':80
- 'qg###vnlk.ce.ms':80
- http://ae###swzl.ce.ms/csrss.exe
- http://qg###vnlk.ce.ms/relsd22.exe
- DNS ASK ae###swzl.ce.ms
- DNS ASK qg###vnlk.ce.ms