Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '20985e2661ffcc830eaa151c06a30e77' = 'regsvr32.exe /s /n /u /i:"%APPDATA%\UD22ADY673H.txt" scrobj.dll.'
- %APPDATA%\ud22ady673h.txt
- http://st####.##iinformationsec.com/t
- DNS ASK sm###.#loudnetwork.kz
- DNS ASK st####.#piinformation.kz
- DNS ASK se####.#scontentmaker.kz
- DNS ASK se####.#sc0nten1maker.com
- DNS ASK st####.##iinformationsec.com
- DNS ASK me#.####dcontentsmak.com
- DNS ASK ni###.##permicrotransapi.ru
- DNS ASK te#.###pisettings.kz
- DNS ASK js.#####etopdevelopment.kz
- DNS ASK no###.###tentmakersbyakamai.ru