Technical Information
- %TEMP%\oxtmi.js
- %TEMP%\hnijqld_46524.exe
- %TEMP%\hnijqld_92272.exe
- %TEMP%\hnijqld_11631.exe
- %TEMP%\hnijqld_71837.exe
- http://pv###jekt.pl/oLlqvX
- http://an####vazquez.net/1UaAWY
- http://ma###-ce.com/n859VM
- http://pg####unitycab.com/FAlx1b
- http://li##ion.net/9cRXIl
- http://kt###akis.com/?la#####
- http://kt###akis.com/UHqig6
- http://me####esign.info/o12QeD
- http://kw##b.it/tNTjZ2
- http://10###nsult.com/zZVPJj
- http://ha##mee.com/hIPTXx
- http://je###mpiotr.pl/IiJlGp
- http://c-##r.at/QSa8sI
- http://al####akhinin.ru/hPBy2R
- http://no##sys.com/EwX0sO
- http://pu####afacile.it/JvZ9cX
- http://ro###arita.com/5NmH3b
- http://le######erryconsulting.com/gXTND7
- http://po###loki.ru/nbTURt
- http://po###loki.ru/404
- DNS ASK pv###jekt.pl
- DNS ASK ma###-ce.com
- DNS ASK pg####unitycab.com
- DNS ASK me##kino.ru
- DNS ASK ca##le78.it
- DNS ASK li##ion.net
- DNS ASK oh###-o-d.info
- DNS ASK kt###akis.com
- DNS ASK mi#######press-randburg.co.za
- DNS ASK me####esign.info
- DNS ASK kw##b.it
- DNS ASK 10###nsult.com
- DNS ASK ha##mee.com
- DNS ASK pa###.heutagon.com
- DNS ASK je###mpiotr.pl
- DNS ASK ar####qayler.com
- DNS ASK sa###iumspb.ru
- DNS ASK c-##r.at
- DNS ASK al####akhinin.ru
- DNS ASK al###zatrio.com
- DNS ASK am####-concerts.de
- DNS ASK no##sys.com
- DNS ASK bi#####prservices.com
- DNS ASK pu####afacile.it
- DNS ASK ro###arita.com
- DNS ASK le######erryconsulting.com
- DNS ASK an####vazquez.net
- DNS ASK po###loki.ru
- '<SYSTEM32>\wscript.exe' %TEMP%\oXTmi.js