Technical Information
- %TEMP%\nltqkxlrgjig.js
- %TEMP%\smqwzwg_29387.exe
- %TEMP%\smqwzwg_60284.exe
- %TEMP%\smqwzwg_72873.exe
- http://af###ityee.com/jkpziP
- http://ak##rd.com/R4yjhg
- http://no#####likejones.com/hati3x
- http://mc####eyhigh.org/lhAfaC
- http://li##ion.net/9cRXIl
- http://am##sur.com/sJIEQB
- http://al####akhinin.ru/hPBy2R
- http://ma###-ce.com/n859VM
- http://po###loki.ru/nbTURt
- http://po###loki.ru/404
- DNS ASK af###ityee.com
- DNS ASK ak##rd.com
- DNS ASK me##kino.ru
- DNS ASK be##v24.ru
- DNS ASK no#####likejones.com
- DNS ASK mc####eyhigh.org
- DNS ASK ar####qayler.com
- DNS ASK li##ion.net
- DNS ASK am##sur.com
- DNS ASK al####akhinin.ru
- DNS ASK ma####nkostyle.net
- DNS ASK ma###-ce.com
- DNS ASK bi#####prservices.com
- DNS ASK oh###-o-d.info
- DNS ASK po###loki.ru
- '<SYSTEM32>\wscript.exe' %TEMP%\nltQkXLRGjig.js