Technical Information
- %APPDATA%\ermq.exe
- 'cr####alaffair.com':80
- 'cr####alaffair.com':443
- 'x1.#.lencr.org':80
- 'x2.#.lencr.org':80
- http://www.cr####alaffair.com/wp-admin/admin-ajax.php
- http://x1.#.lencr.org/
- http://x2.#.lencr.org/
- 'cr####alaffair.com':443
- DNS ASK cr####alaffair.com
- DNS ASK x1.#.lencr.org
- DNS ASK x2.#.lencr.org
- '%APPDATA%\ermq.exe'