Technical Information
- %TEMP%\trjvrebjzuemk.js
- %TEMP%\jznthpr_69228.exe
- %TEMP%\jznthpr_86523.exe
- %TEMP%\jznthpr_1222.exe
- %TEMP%\jznthpr_18996.exe
- '10###nsult.com':80
- http://kw##b.it/tNTjZ2
- http://fm##30.us/BznLrm
- http://ri####ncoperu.org/B3AlqT
- http://ki##off.ru/WNwvki
- http://ro###arita.com/5NmH3b
- http://li##ion.net/9cRXIl
- http://me####esign.info/o12QeD
- http://mo##.org.mk/oiNWQ0
- http://mo##.org.mk/oiNWQ0/
- http://mu###mdate.com/mlB3PW
- DNS ASK am####-concerts.de
- DNS ASK ma###-ce.com
- DNS ASK kw##b.it
- DNS ASK fm##30.us
- DNS ASK ri####ncoperu.org
- DNS ASK ca##le78.it
- DNS ASK ki##off.ru
- DNS ASK ro###arita.com
- DNS ASK oh###-o-d.info
- DNS ASK li##ion.net
- DNS ASK ma#####iproperties.com
- DNS ASK me####esign.info
- DNS ASK mo##.org.mk
- DNS ASK mu###mdate.com
- DNS ASK 10###nsult.com
- '<SYSTEM32>\wscript.exe' %TEMP%\tRJvreBjZUEMK.js