Technical Information
- %WINDIR%\explorer.exe
- %HOMEPATH%\desktop\fi51.doc
- %HOMEPATH%\desktop\adhd_and_obesity.docx
- %HOMEPATH%\desktop\210252809.jpg
- %HOMEPATH%\desktop\dial.bmp
- %TEMP%\nsx46c0.tmp
- %TEMP%\thfwuap211qjte2m
- %TEMP%\oelcquxd
- %TEMP%\nsn476d.tmp\system.dll
- 'ju####ypnosis.com':80
- 'fr######iciousberryfarm.com':80
- 'fo###ndbio.com':80
- http://www.ki#####ingslovesyou.com/dp3a/?MR#############################################################################################
- DNS ASK ju####ypnosis.com
- DNS ASK fr######iciousberryfarm.com
- DNS ASK fo###ndbio.com
- DNS ASK go###ukc.com
- DNS ASK ki#####ingslovesyou.com
- '%WINDIR%\syswow64\msdt.exe'
- '%WINDIR%\syswow64\cmd.exe' del "<Full path to file>"