Technical Information
- %WINDIR%\tasks\jkrf.job
- <SYSTEM32>\tasks\jkrf
- %ALLUSERSPROFILE%\rblal\jkrf.exe
- DNS ASK as###d08.com
- DNS ASK as###d08.xyz
- DNS ASK ap#.#pify.org
- '%ALLUSERSPROFILE%\rblal\jkrf.exe' start
- '%ALLUSERSPROFILE%\rblal\jkrf.exe' start (with hidden window)