Technical Information
- %TEMP%\ecoyzyqu.js
- http://ha##mee.com/hIPTXx
- http://ko###rkum.org/Lntxhy
- http://ro###arita.com/5NmH3b
- http://le######erryconsulting.com/gXTND7
- http://no#####likejones.com/hati3x
- http://re#####antjobs.co.uk/9cgwZ5
- http://re#####antjobs.co.uk/9cgwZ5/
- http://pu####afacile.it/JvZ9cX
- http://kw##b.it/tNTjZ2
- http://ki##off.ru/WNwvki
- http://pr#####toglass.co.nz/wMcW5Z
- http://pg####unitycab.com/FAlx1b
- http://mc####eyhigh.org/lhAfaC
- http://po###loki.ru/nbTURt
- http://po###loki.ru/404
- DNS ASK ha##mee.com
- DNS ASK pa###.heutagon.com
- DNS ASK oh###-o-d.info
- DNS ASK pg####unitycab.com
- DNS ASK as####station.com
- DNS ASK pr#####toglass.co.nz
- DNS ASK ki##off.ru
- DNS ASK am####-concerts.de
- DNS ASK kw##b.it
- DNS ASK ma###-ce.com
- DNS ASK pu####afacile.it
- DNS ASK re#####antjobs.co.uk
- DNS ASK no#####likejones.com
- DNS ASK le######erryconsulting.com
- DNS ASK ro###arita.com
- DNS ASK ko###rkum.org
- DNS ASK mc####eyhigh.org
- DNS ASK po###loki.ru
- '<SYSTEM32>\wscript.exe' %TEMP%\ECoyZYQU.js