Technical Information
- %TEMP%\rcu0bmjl
- %TEMP%\rcu0bmjl.dll
- '21#.#40.104.2':80
- http://80.##1.232.207/tpryd9
- http://www.me##.metro.ru/uumr65
- DNS ASK tw####pitals.com
- DNS ASK me##.metro.ru
- DNS ASK vi###lw.name
- '%WINDIR%\syswow64\rundll32.exe' %TEMP%\RCU0bMJL.dll,qwerty 323