Technical Information
- %TEMP%\lygrbzviruec.js
- %TEMP%\nfchbmp_77557.exe
- %TEMP%\nfchbmp_66550.exe
- %TEMP%\nfchbmp_2211.exe
- %TEMP%\nfchbmp_24202.exe
- 'lo###rana.com':7080
- http://ti###fly.com/L5IJDi
- http://ir##ems.com/Cg6yib
- http://vi#####shairstore.com/oaS39q
- http://pa##ra.com/2h06OR
- http://hi####ket.com.ua/tsnuaA
- http://mu###mart.com/QyZkdj
- http://sw###led.co.uk/lTKbdU
- http://lu###bling.com/UK0NdI
- http://th####ding.pictures/EnKLJk
- http://ma####obilya.com/1d9qpc
- http://gr####lounge.com/iwFqDz
- DNS ASK ti###fly.com
- DNS ASK ya##lom.ca
- DNS ASK ma####obilya.com
- DNS ASK te###-foni.com
- DNS ASK th####ding.pictures
- DNS ASK se###ecarts.com
- DNS ASK ch####utplanet.com
- DNS ASK lu###bling.com
- DNS ASK sw###led.co.uk
- DNS ASK gr####lounge.com
- DNS ASK be#####irecttohome.com
- DNS ASK hi####ket.com.ua
- DNS ASK li###orms.com
- DNS ASK pa##ra.com
- DNS ASK vi#####shairstore.com
- DNS ASK ir##ems.com
- DNS ASK te########dofgiftsandbargains.co.uk
- DNS ASK sa####boutique.com
- DNS ASK th#####dothanhly.com
- DNS ASK mu###mart.com
- DNS ASK lo###rana.com
- '<SYSTEM32>\wscript.exe' %TEMP%\lYgrbzviruEc.js