Technical Information
- %TEMP%\rdaysykeivyp.js
- %TEMP%\zwxlywi_90096.exe
- %TEMP%\zwxlywi_17646.exe
- http://ea####tshop.com.br/fkboKu
- http://be#####toolcentre.com/iHvSJf
- http://th####ding.pictures/EnKLJk
- http://ma###elight.com/JBmCpi
- http://tu####citytour.com/SxOi2P
- http://sw###led.co.uk/lTKbdU
- http://ir##ems.com/Cg6yib
- http://mu###mart.com/QyZkdj
- http://ph##ci.in/7SC0vA
- http://el###cadote.com/tTEcWD
- DNS ASK ea####tshop.com.br
- DNS ASK na##tet.com
- DNS ASK 17####public.com
- DNS ASK su###fo.com.br
- DNS ASK bw###bler.se
- DNS ASK ya##lom.ca
- DNS ASK ph##ci.in
- DNS ASK di#####tbandmerch.com
- DNS ASK ex#####onellehair.com
- DNS ASK st#####ryourhome.co.uk
- DNS ASK mu###mart.com
- DNS ASK sw###led.co.uk
- DNS ASK ob###ate.com
- DNS ASK tu####citytour.com
- DNS ASK ma###elight.com
- DNS ASK ho####tphuvinh.com
- DNS ASK ca###ecakes.com
- DNS ASK th####ding.pictures
- DNS ASK be#####toolcentre.com
- DNS ASK ir##ems.com
- DNS ASK el###cadote.com
- '<SYSTEM32>\wscript.exe' %TEMP%\rDaYsYkeIVYp.js