Technical Information
- %TEMP%\kiqrojoof.js
- %TEMP%\yszgxds_78903.exe
- %TEMP%\yszgxds_34651.exe
- http://kt###akis.com/UHqig6
- http://kt###akis.com/?la#####
- http://pg####unitycab.com/FAlx1b
- http://mo##.org.mk/oiNWQ0
- http://kw##b.it/tNTjZ2
- http://li##ion.net/9cRXIl
- http://re#####antjobs.co.uk/9cgwZ5
- http://re#####antjobs.co.uk/9cgwZ5/
- http://li##roup.ru/vV9c7l
- http://ro###arita.com/5NmH3b
- http://ha##mee.com/hIPTXx
- http://ki##off.ru/WNwvki
- http://me####esign.info/o12QeD
- DNS ASK kt###akis.com
- DNS ASK ak##rd.com
- DNS ASK ha##mee.com
- DNS ASK ro###arita.com
- DNS ASK li##roup.ru
- DNS ASK re#####antjobs.co.uk
- DNS ASK li##ion.net
- DNS ASK mi#######press-randburg.co.za
- DNS ASK kw##b.it
- DNS ASK ar####qayler.com
- DNS ASK be######bersindallas.com
- DNS ASK ma####nkostyle.net
- DNS ASK ba####nhatrang.xyz
- DNS ASK mo##.org.mk
- DNS ASK me##kino.ru
- DNS ASK pg####unitycab.com
- DNS ASK ki##off.ru
- DNS ASK me####esign.info
- '<SYSTEM32>\wscript.exe' %TEMP%\kIQROjooF.js