Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4143a4531b6de0ae3131d85b597ba6de' = 'regsvr32.exe /s /n /u /i:"%APPDATA%\C89I50XZD35.txt" scrobj.dll.'
- %APPDATA%\c89i50xzd35.txt
- http://st####.##iinformationsec.com/t
- DNS ASK sm###.#loudnetwork.kz
- DNS ASK st####.#piinformation.kz
- DNS ASK se####.#scontentmaker.kz
- DNS ASK se####.#sc0nten1maker.com
- DNS ASK st####.##iinformationsec.com
- DNS ASK me#.####dcontentsmak.com
- DNS ASK ni###.##permicrotransapi.ru
- DNS ASK te#.###pisettings.kz
- DNS ASK js.#####etopdevelopment.kz
- DNS ASK no###.###tentmakersbyakamai.ru