Technical Information
- %TEMP%\hymhqxeucw.js
- %TEMP%\guuqqtn_63543.exe
- %TEMP%\guuqqtn_23184.exe
- 'au###agic.co.at':80
- http://bh####afoods.com/AJZWId
- http://bo##nz.net/zlsFhm
- http://az##s.com/BCxfzy
- http://b2####daction.fr/8IB6TP
- http://ba####sgarden.com/FXPosh
- http://bi#####inovasyon.org.tr/M4W7Hi
- http://ba###ehype.com/plzg3U
- http://au####oncepts.org/GdEpDm
- http://ar##it.ru/QRspKz
- http://au#####ictherapy.com/GpsCve
- http://bi###ebel.net/KyFfgv
- http://at###tisfood.pl/KFXDB9
- http://ba####thingz.com/FBsQtK
- DNS ASK bh####afoods.com
- DNS ASK bl##.#obrystolik.pl
- DNS ASK at###tisfood.pl
- DNS ASK bi###ebel.net
- DNS ASK at###tic-co.com
- DNS ASK ba####tsmarried.com
- DNS ASK au#####ictherapy.com
- DNS ASK ar##it.ru
- DNS ASK ba##aal.com
- DNS ASK au####oncepts.org
- DNS ASK as###urid.net
- DNS ASK ba###ehype.com
- DNS ASK bi#####inovasyon.org.tr
- DNS ASK av#####nelcrafts.com
- DNS ASK ax###overs.com
- DNS ASK ba##son.ru
- DNS ASK ba####sgarden.com
- DNS ASK b2####daction.fr
- DNS ASK az##s.com
- DNS ASK bo##nz.net
- DNS ASK ba####thingz.com
- DNS ASK au###agic.co.at
- '<SYSTEM32>\wscript.exe' %TEMP%\hyMhqxeUcW.js