Technical Information
- %WINDIR%\tasks\iloq.job
- <SYSTEM32>\tasks\iloq
- %ALLUSERSPROFILE%\rsshiuv\iloq.exe
- DNS ASK mx###gs19.xyz
- DNS ASK sd###ert20.xyz
- DNS ASK ap#.#pify.org
- '%ALLUSERSPROFILE%\rsshiuv\iloq.exe' start
- '%ALLUSERSPROFILE%\rsshiuv\iloq.exe' start (with hidden window)