Technical Information
- %WINDIR%\tasks\wrorlpt.job
- <SYSTEM32>\tasks\wrorlpt
- %ALLUSERSPROFILE%\tgrep\wrorlpt.exe
- 'mx###gs19.xyz':4044
- 'sd###ert20.xyz':4044
- 'ap#.#pify.org':443
- 'ip#.#eeip.org':443
- '13#.#88.40.189':80
- http://13#.#88.40.189/tor/status-vote/current/consensus
- 'mx###gs19.xyz':4044
- 'ap#.#pify.org':443
- 'ip#.#eeip.org':443
- DNS ASK mx###gs19.xyz
- DNS ASK sd###ert20.xyz
- DNS ASK ap#.#pify.org
- DNS ASK ip#.#eeip.org
- '%ALLUSERSPROFILE%\tgrep\wrorlpt.exe' start
- '%ALLUSERSPROFILE%\tgrep\wrorlpt.exe' start' (with hidden window)