Technical Information
- %TEMP%\hirlb.js
- %TEMP%\jselkwn_31677.exe
- %TEMP%\jselkwn_74273.exe
- http://fm##30.us/BznLrm
- http://qu#####anieriviste.com/WIKuLk
- http://an####vazquez.net/1UaAWY
- http://me####esign.info/o12QeD
- http://ad####schubert.pl/7s56K8
- http://no##sys.com/EwX0sO
- http://c-##r.at/QSa8sI
- http://li##ion.net/9cRXIl
- http://ri####ncoperu.org/B3AlqT
- DNS ASK fm##30.us
- DNS ASK qu#####anieriviste.com
- DNS ASK an####vazquez.net
- DNS ASK me####esign.info
- DNS ASK ad####schubert.pl
- DNS ASK no##sys.com
- DNS ASK c-##r.at
- DNS ASK ba####nhatrang.xyz
- DNS ASK li##ion.net
- DNS ASK ri####ncoperu.org
- DNS ASK af###ityee.com
- DNS ASK be##v24.ru
- DNS ASK je###mpiotr.pl
- '<SYSTEM32>\wscript.exe' %TEMP%\hiRLb.js