Technical Information
- %WINDIR%\tasks\tejnrw.job
- <SYSTEM32>\tasks\tejnrw
- %PROGRAMDATA%\gjuxlwb\tejnrw.exe
- http://19#.#09.206.212/tor/status-vote/current/consensus
- http://94.##.123.67/tor/server/fp/5d1e99998c3b3ae9fddd26f13b81ce0549a5a786
- http://94.##.123.67/tor/server/fp/e5d7d35357e9c55b47e2adde73199153888bd4cb
- http://94.##.123.67/tor/server/fp/dd0aa66dd9e4e71ffafab658df8300f1ceea0364
- http://94.##.123.67/tor/server/fp/3548129e3b54bf4b833bbcbae214db05ca46ae6b
- DNS ASK ad###og179.xyz
- DNS ASK xa###log279.xyz
- DNS ASK ap#.#pify.org
- '%PROGRAMDATA%\gjuxlwb\tejnrw.exe' start
- '%PROGRAMDATA%\gjuxlwb\tejnrw.exe' start (with hidden window)