Technical Information
- %TEMP%\qkuwxtbhr.js
- %TEMP%\segrfvd_5893.exe
- %TEMP%\segrfvd_26713.exe
- http://mc####eyhigh.org/lhAfaC
- http://le######erryconsulting.com/gXTND7
- http://ma#####iproperties.com/pQIJGB
- http://pr#####toglass.co.nz/wMcW5Z
- http://ri####ncoperu.org/B3AlqT
- http://fm##30.us/BznLrm
- http://no#####likejones.com/hati3x
- http://re#####antjobs.co.uk/9cgwZ5
- http://re#####antjobs.co.uk/9cgwZ5/
- http://me####esign.info/o12QeD
- http://pv###jekt.pl/oLlqvX
- http://ma###-ce.com/n859VM
- http://kv####vaya-lampa.ru/fC9qZW
- DNS ASK oh###-o-d.info
- DNS ASK mc####eyhigh.org
- DNS ASK le######erryconsulting.com
- DNS ASK ma#####iproperties.com
- DNS ASK pr#####toglass.co.nz
- DNS ASK ri####ncoperu.org
- DNS ASK fm##30.us
- DNS ASK no#####likejones.com
- DNS ASK be##v24.ru
- DNS ASK re#####antjobs.co.uk
- DNS ASK me####esign.info
- DNS ASK pv###jekt.pl
- DNS ASK ma###-ce.com
- DNS ASK kv####vaya-lampa.ru
- '<SYSTEM32>\wscript.exe' %TEMP%\qKuWXTbHR.js