Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Ookej' = '%PROGRAMDATA%\afcojq\Ookej.url'
- iibfu.exe
- %PROGRAMDATA%\afcojq\iibfu.exe
- %PROGRAMDATA%\afcojq\ookej.url
- %APPDATA%\clientview\04-04-2020
- http://ip##pi.com/json/
- DNS ASK ip##pi.com
- DNS ASK si###ncurl.de
- '%PROGRAMDATA%\afcojq\iibfu.exe'