Technical Information
- %TEMP%\a83ee.tmp
- %TEMP%\wrz..bat
- %TEMP%\a83ee.tmp
- DNS ASK fa####tionart.com
- DNS ASK gi####oodart.com
- DNS ASK fl####rtssite.com
- '%WINDIR%\syswow64\cmd.exe' /q /c "%TEMP%\Wrz..bat" > nul 2> nul' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /q /c "%TEMP%\Wrz..bat" > nul 2> nul