Техническая информация
- %TEMP%\rhfuc.js
- %TEMP%\bquktyn_62267.exe
- %TEMP%\bquktyn_10461.exe
- 'lo###rana.com':7080
- http://ph##ci.in/7SC0vA
- http://ci#####tinhas.com.br/3I5ySB
- http://is###lstyle.com/gqD9aA
- http://ro##da.com/tw5MeF
- http://na##om.com/6K13lL
- http://si####gems.com.au/lczTQ6
- DNS ASK di#####tbandmerch.com
- DNS ASK ph##ci.in
- DNS ASK hn###tore.com
- DNS ASK ci#####tinhas.com.br
- DNS ASK hh##.#x3webs.com
- DNS ASK is###lstyle.com
- DNS ASK ro##da.com
- DNS ASK 17####public.com
- DNS ASK na##om.com
- DNS ASK si####gems.com.au
- DNS ASK ma###goods.com
- DNS ASK ir#####ganics.com.au
- DNS ASK lo###rana.com
- '<SYSTEM32>\wscript.exe' %TEMP%\rhFuC.js