Technical Information
- %TEMP%\vzlwlsaqz.js
- %TEMP%\rqsxxsc_74712.exe
- 'lo###rana.com':7080
- http://wh#######.undercovermama.com/zJm4Cd
- http://ti###fly.com/L5IJDi
- http://pu###apart.com/YCDUH9
- http://my###tstore.com/LSGA6M
- http://go###zon.com/6WcNjA
- http://ma####obilya.com/1d9qpc
- DNS ASK wh#######.undercovermama.com
- DNS ASK ti###fly.com
- DNS ASK pu###apart.com
- DNS ASK my###tstore.com
- DNS ASK go###zon.com
- DNS ASK tr######alsforhotels.com
- DNS ASK ya##lom.ca
- DNS ASK bw###bler.se
- DNS ASK be####achtayduc.net
- DNS ASK th#####dothanhly.com
- DNS ASK ma####obilya.com
- DNS ASK lo###rana.com
- '<SYSTEM32>\wscript.exe' %TEMP%\vzLWlSAQZ.js