Technical Information
- %WINDIR%\tasks\dhjmo.job
- <SYSTEM32>\tasks\dhjmo
- %ALLUSERSPROFILE%\rdmwh\dhjmo.exe
- http://13#.#88.40.189/tor/status-vote/current/consensus
- http://45.#6.86.86/tor/server/fp/f939d91a6405a4213ecf468c970b347c92cdb809
- http://45.#6.86.86/tor/server/fp/fccf812cd6b7909ac26cff226b8ca16f3de9c392
- http://45.#6.86.86/tor/server/fp/e05cac929e391787077066c29461a9d22ecf0809
- http://45.#6.86.86/tor/server/fp/ea3616a0b9bbbdc74121d8d6f01eabddcf6be35d
- DNS ASK pz####dvert475.xyz
- DNS ASK pz####erv275.xyz
- DNS ASK ap#.#pify.org
- '%ALLUSERSPROFILE%\rdmwh\dhjmo.exe' start
- '%ALLUSERSPROFILE%\rdmwh\dhjmo.exe' start (with hidden window)