Technical Information
- %TEMP%\blhlabxcbzntf.js
- %TEMP%\tdiiifj_39784.exe
- %TEMP%\tdiiifj_9967.exe
- http://ir##ems.com/Cg6yib
- http://ma####obilya.com/1d9qpc
- http://el###cadote.com/tTEcWD
- http://ea####tshop.com.br/fkboKu
- http://ex#####ntstorestt.com/Ivszwj
- http://be#####toolcentre.com/iHvSJf
- DNS ASK sa####boutique.com
- DNS ASK ou###or-sz.com
- DNS ASK th#####dothanhly.com
- DNS ASK ir##ems.com
- DNS ASK ma####obilya.com
- DNS ASK el###cadote.com
- DNS ASK sp#####undbyjynx.com
- DNS ASK re#####rsinsandiego.com
- DNS ASK ya##lom.ca
- DNS ASK ea####tshop.com.br
- DNS ASK ex#####ntstorestt.com
- DNS ASK be#####toolcentre.com
- '<SYSTEM32>\wscript.exe' %TEMP%\bLHLAbXCbZNTf.js