Technical Information
- %TEMP%\azafr.js
- '<SYSTEM32>\wscript.exe' %TEMP%\AzAFR.js