Technical Information
- %TEMP%\cjhojmplmopd.js
- %TEMP%\xnkvxtx_66398.exe
- http://au####oncepts.org/GdEpDm
- http://bi###inrus.ru/IzAtbH
- http://bm##inc.com/4Fv7sK
- http://au####gunsammo.com/KnCOrh
- http://ba###xico.com/POltGd
- http://ba####thingz.com/FBsQtK
- http://au#####ictherapy.com/GpsCve
- http://as##-ir.com/GRV4hE
- http://bh####afoods.com/AJZWId
- http://ar####alurji.com/KmvUJ5
- http://az##s.com/BCxfzy
- DNS ASK be###y4you.cz
- DNS ASK ar####alurji.com
- DNS ASK bh####afoods.com
- DNS ASK ax###overs.com
- DNS ASK ba##son.ru
- DNS ASK as##-ir.com
- DNS ASK au#####ictherapy.com
- DNS ASK ar####utplates.in
- DNS ASK ba####thingz.com
- DNS ASK hu###omains.com
- DNS ASK ba###xico.com
- DNS ASK bl##.#izmohelp.com
- DNS ASK au####gunsammo.com
- DNS ASK bm##inc.com
- DNS ASK be####eonebd.com
- DNS ASK bi###inrus.ru
- DNS ASK au####oncepts.org
- DNS ASK av###.com.tr
- DNS ASK bi####pic.com.tr
- DNS ASK az##s.com
- '<SYSTEM32>\wscript.exe' %TEMP%\cJHOjMplMopD.js