Technical Information
- %TEMP%\jawqjta.dll
- http://f0####58.xsph.ru/Files/RIjaiotyhanysnAT.dll
- DNS ASK f0####58.xsph.ru
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 1 & Del "<Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 1 & Del "<Full path to file>"
- '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 1