Technical Information
- %TEMP%\rad99d6a.tmp
- 'bu###hana.com':80
- 'ta####ective.org':80
- http://bu###hana.com/wp-content/cache/busting/1c.jpg
- http://ta####ective.org/wp-content/themes/grandcollege_v1-08/stylesheet/ie-fix/1c.jpg
- DNS ASK bu###hana.com
- DNS ASK ta####ective.org
- '<SYSTEM32>\cmd.exe' /c %TEMP%\rad99D6A.tmp (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\rad99D6A.tmp
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %TEMP%\rad99D6A.tmp