Technical Information
- %TEMP%\lfbeyscosyrwxa.js
- %TEMP%\pvwlmfy_31354.exe
- %TEMP%\pvwlmfy_32361.exe
- http://sw###led.co.uk/lTKbdU
- http://mu###mart.com/QyZkdj
- http://hi####ket.com.ua/tsnuaA
- http://pa###oards.com/8KJZdt
- http://my###tstore.com/LSGA6M
- http://ci#####tinhas.com.br/3I5ySB
- http://el###cadote.com/tTEcWD
- http://ar###angown.com/dKclwM
- http://ti###fly.com/L5IJDi
- http://is###lstyle.com/gqD9aA
- http://gr####lounge.com/iwFqDz
- http://wh#######.undercovermama.com/zJm4Cd
- http://be#####toolcentre.com/iHvSJf
- http://ea####tshop.com.br/fkboKu
- http://ha##tto.com/Syik4D
- DNS ASK bw###bler.se
- DNS ASK ea####tshop.com.br
- DNS ASK be#####toolcentre.com
- DNS ASK wh#######.undercovermama.com
- DNS ASK sh#######atrizexpress.com.br
- DNS ASK gr####lounge.com
- DNS ASK is###lstyle.com
- DNS ASK ti###fly.com
- DNS ASK ar###angown.com
- DNS ASK el###cadote.com
- DNS ASK es###tyvest.com
- DNS ASK ci#####tinhas.com.br
- DNS ASK my###tstore.com
- DNS ASK sh####mejewelry.com
- DNS ASK ch####utplanet.com
- DNS ASK pa###oards.com
- DNS ASK di#####tbandmerch.com
- DNS ASK hn###tore.com
- DNS ASK hi####ket.com.ua
- DNS ASK mu###mart.com
- DNS ASK sw###led.co.uk
- DNS ASK su###fo.com.br
- DNS ASK ha##tto.com
- '<SYSTEM32>\wscript.exe' %TEMP%\LFBEyScosyrwXa.js