Technical Information
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1456
- %APPDATA%\1c159.xsl
- %TEMP%\1103301.cvr
- %WINDIR%\temp\48x7d.dll
- 'om###mart.com':80
- 'al#####cancun.com.mx':80
- http://al#####cancun.com.mx/wp-content/themes/vw-security-guard/template-parts/header/dvhW3tqNnyOlf.php
- ClassName: 'cONSOLeWIndOwcLAsS' WindowName: ''
- '<SYSTEM32>\wbem\wmic.exe'
- '<SYSTEM32>\rundll32.exe' C:/Windows/Temp//48x7d.dll InitHelperDll
- '<SYSTEM32>\wbem\wmic.exe' ' (with hidden window)