Technical Information
- %TEMP%\chttsnfyluynh.js
- %TEMP%\16544.005107348035.exe
- %TEMP%\59785.779343501315.exe
- http://jt###custom.com/nG2tkw
- http://dl###curity.com/xCNaXQ
- http://as####mmozaik.com/5Qcpwm
- http://fl###ronics.com/S0ayo3
- http://au#####icwickedwear.com/gOSw1u
- http://su####ime.com.au/ZcDiRz
- http://hk##sh.com/F4Q1l6
- DNS ASK de#####riaitalia.com
- DNS ASK lx####ing.com.sg
- DNS ASK ne##rre.com
- DNS ASK ph###tphcm.com
- DNS ASK jt###custom.com
- DNS ASK ec##ers.com
- DNS ASK mo#######dafricantextiles.com
- DNS ASK en###lass.com
- DNS ASK dl###curity.com
- DNS ASK as####mmozaik.com
- DNS ASK da###ren.com.br
- DNS ASK fl###ronics.com
- DNS ASK au#####icwickedwear.com
- DNS ASK su####ime.com.au
- DNS ASK hk##sh.com
- '<SYSTEM32>\wscript.exe' %TEMP%\CHTtsnfYLuYnh.js