Technical Information
- %TEMP%\vzlwlsaqz.js
- %TEMP%\rqsxxsc_64731.exe
- %TEMP%\rqsxxsc_24432.exe
- 'hn###tore.com':80
- http://wh#######.undercovermama.com/zJm4Cd
- http://ti###fly.com/L5IJDi
- http://pu###apart.com/YCDUH9
- http://my###tstore.com/LSGA6M
- http://go###zon.com/6WcNjA
- http://ma####obilya.com/1d9qpc
- http://na##om.com/6K13lL
- http://ro##da.com/tw5MeF
- http://pa##ra.com/2h06OR
- DNS ASK wh#######.undercovermama.com
- DNS ASK pa##ra.com
- DNS ASK wl###tore.com
- DNS ASK ro##da.com
- DNS ASK na##om.com
- DNS ASK lo###rana.com
- DNS ASK ma####obilya.com
- DNS ASK th#####dothanhly.com
- DNS ASK be####achtayduc.net
- DNS ASK bw###bler.se
- DNS ASK ya##lom.ca
- DNS ASK tr######alsforhotels.com
- DNS ASK go###zon.com
- DNS ASK my###tstore.com
- DNS ASK pu###apart.com
- DNS ASK ti###fly.com
- DNS ASK hu######lsuppliesmfg.com
- DNS ASK hn###tore.com
- '<SYSTEM32>\wscript.exe' %TEMP%\vzLWlSAQZ.js