Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\jwuiufre.lnk
- <SYSTEM32>\tasks\opera scheduled autoupdate 3131961357
- https://u.teknik.io/u6ssu.txt as %temp%\yvetqqyefi.exe
- %TEMP%\yvetqqyefi.exe
- %APPDATA%\microsoft\windows\jwuiufre\avivfsav.exe
- 'u.##knik.io':443
- 'ms###csi.com':80
- 'cm##re.ca':80
- http://cm##re.ca/1/
- DNS ASK u.##knik.io
- DNS ASK cm##re.ca
- '%TEMP%\yvetqqyefi.exe'