Technical Information
- %TEMP%\xgexol3
- %TEMP%\xgexol3.dll
- http://he####errick.com/g76dbf?wz###############
- http://od##ium.com/g76dbf?wz###############
- DNS ASK be#####giftsuk.co.uk
- DNS ASK he####errick.com
- DNS ASK od##ium.com
- '<SYSTEM32>\rundll32.exe' %LOCALAPPDATA%\Temp/XGeXol3.dll,qwerty' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %LOCALAPPDATA%\Temp/XGeXol3.dll,qwerty