Technical Information
- %TEMP%\zllifdryblcvk.js
- %TEMP%\63127.24039448499.exe
- %TEMP%\92557.3620939576.exe
- '<SYSTEM32>\wscript.exe' %TEMP%\ZlLiFDrybLcVK.js