Technical Information
- %TEMP%\gdngtjngmohdt.js
- http://no#####likejones.com/hati3x
- http://ma###-ce.com/n859VM
- http://ro###arita.com/5NmH3b
- http://ri####ncoperu.org/B3AlqT
- http://le######erryconsulting.com/gXTND7
- http://al####akhinin.ru/hPBy2R
- http://pv###jekt.pl/oLlqvX
- http://kv####vaya-lampa.ru/fC9qZW
- http://pg####unitycab.com/FAlx1b
- http://po###loki.ru/nbTURt
- http://po###loki.ru/404
- DNS ASK no#####likejones.com
- DNS ASK kv####vaya-lampa.ru
- DNS ASK pv###jekt.pl
- DNS ASK as####station.com
- DNS ASK mi#######press-randburg.co.za
- DNS ASK al####akhinin.ru
- DNS ASK le######erryconsulting.com
- DNS ASK ri####ncoperu.org
- DNS ASK pg####unitycab.com
- DNS ASK nw###izel.ru
- DNS ASK ro##mind.pl
- DNS ASK be###basol.com
- DNS ASK ko###rkum.org
- DNS ASK ro###arita.com
- DNS ASK ma###-ce.com
- DNS ASK oh###-o-d.info
- DNS ASK ma####nkostyle.net
- DNS ASK sa###iumspb.ru
- DNS ASK po###loki.ru
- '<SYSTEM32>\wscript.exe' %TEMP%\gDNgtJNGMOhdT.js