Technical Information
- %TEMP%\ecqtoeipphca.dll
- 'mu####rombali.com':80
- 'ma#####rfinancial.com':80
- http://mu####rombali.com/m5ahlo
- http://ma#####rfinancial.com/mcrpe0
- DNS ASK mu####rombali.com
- DNS ASK ma#####rfinancial.com
- '%WINDIR%\syswow64\rundll32.exe' %TEMP%\ECQTOE~1.DLL,0004