Technical Information
- %TEMP%\bifytwvy.js
- %TEMP%\atqtvba_40429.exe
- %TEMP%\atqtvba_47856.exe
- http://pu####afacile.it/JvZ9cX
- http://ad####schubert.pl/7s56K8
- http://le######erryconsulting.com/gXTND7
- http://pr#####toglass.co.nz/wMcW5Z
- http://fm##30.us/BznLrm
- http://kv####vaya-lampa.ru/fC9qZW
- http://kt###akis.com/UHqig6
- http://kt###akis.com/?la#####
- http://c-##r.at/QSa8sI
- DNS ASK pu####afacile.it
- DNS ASK ad####schubert.pl
- DNS ASK be##v24.ru
- DNS ASK be###basol.com
- DNS ASK la###umano.cl
- DNS ASK le######erryconsulting.com
- DNS ASK ro##mind.pl
- DNS ASK pr#####toglass.co.nz
- DNS ASK fm##30.us
- DNS ASK kv####vaya-lampa.ru
- DNS ASK kt###akis.com
- DNS ASK c-##r.at
- '<SYSTEM32>\wscript.exe' %TEMP%\bIFyTwvY.js