Technical Information
- %TEMP%\gdngtjngmohdt.js
- %TEMP%\jftzqaq_8407.exe
- %TEMP%\jftzqaq_11528.exe
- http://am##sur.com/sJIEQB
- http://ad####schubert.pl/7s56K8
- http://mu###mdate.com/mlB3PW
- http://kv####vaya-lampa.ru/fC9qZW
- http://mo##.org.mk/oiNWQ0
- http://af###ityee.com/jkpziP
- http://mc####eyhigh.org/lhAfaC
- http://ri####ncoperu.org/B3AlqT
- http://pg####unitycab.com/FAlx1b
- http://kt###akis.com/UHqig6
- http://kt###akis.com/?la#####
- http://no#####likejones.com/hati3x
- http://le######erryconsulting.com/gXTND7
- http://c-##r.at/QSa8sI
- DNS ASK ko###rkum.org
- DNS ASK ar####qayler.com
- DNS ASK no#####likejones.com
- DNS ASK je###mpiotr.pl
- DNS ASK kt###akis.com
- DNS ASK pg####unitycab.com
- DNS ASK ri####ncoperu.org
- DNS ASK mc####eyhigh.org
- DNS ASK le######erryconsulting.com
- DNS ASK af###ityee.com
- DNS ASK mo##.org.mk
- DNS ASK kv####vaya-lampa.ru
- DNS ASK be##v24.ru
- DNS ASK mu###mdate.com
- DNS ASK ad####schubert.pl
- DNS ASK ca##le78.it
- DNS ASK am##sur.com
- DNS ASK pa###.heutagon.com
- DNS ASK c-##r.at
- '<SYSTEM32>\wscript.exe' %TEMP%\gDNgtJNGMOhdT.js