Technical Information
- %TEMP%\elhbpfjyqiebl.js
- %TEMP%\tzyjpdx_17132.exe
- %TEMP%\tzyjpdx_32589.exe
- '<SYSTEM32>\wscript.exe' %TEMP%\elHBPFjYQiebl.js