Technical Information
- %TEMP%\wwllmrlljqeou.js
- %TEMP%\qhutflw_40812.exe
- %TEMP%\qhutflw_19766.exe
- %TEMP%\qhutflw_14631.exe
- '<SYSTEM32>\wscript.exe' %TEMP%\wWLLmRLLjQEOU.js