Technical Information
- %TEMP%\fvttmr.js
- %TEMP%\cknopeo_85261.exe
- %TEMP%\cknopeo_95577.exe
- %TEMP%\cknopeo_21423.exe
- '<SYSTEM32>\wscript.exe' %TEMP%\FvtTMr.js