Technical Information
- %TEMP%\xbwgesy3bescvu
- 'cm#.ro':80
- http://ka#####hacht.addr.com/jjfzp
- http://cl###fmalw.ws/0lq45
- http://www.fe##esur.es/d8tqk
- DNS ASK cm#.ro
- DNS ASK ka#####hacht.addr.com
- DNS ASK cl###fmalw.ws
- DNS ASK fe##esur.es
- '%WINDIR%\syswow64\rundll32.exe' %TEMP%\XBWGES~1.DLL,qwerty 323