Техническая информация
- %WINDIR%\tasks\bxhotck.job
- <SYSTEM32>\tasks\bxhotck
- %PROGRAMDATA%\wlxmal\bxhotck.exe
- 'ba####opstars.bar':4035
- http://13#.#88.40.189/tor/status-vote/current/consensus
- http://82.##4.239.154/tor/server/fp/730e0d04d90cc0b15f320f6dfd5dd23752ad52e9
- http://95.##2.235.74/tor/server/fp/dce8dbf94576272ad10d996c9aa0794a4567f304
- http://95.##2.235.74/tor/server/fp/03a33c3454fc0f9ac6966f12fa486999f5a22896
- http://95.##2.235.74/tor/server/fp/7494cb6b5c82725bafb6c1084dc0a1be76591b51
- http://95.##2.235.74/tor/server/fp/f4f605aa21c4633ccb5b8dbbc1ceee5c590c6dce
- http://15#.#5.175.225/tor/status-vote/current/consensus
- http://83.##3.16.211/tor/server/fp/bc0dea16b96bb106d452da5e8001cb519d35a278
- http://83.##3.16.211/tor/server/fp/97f51af6791ad33981ce25dc7a2618429f25b3b0
- http://83.##3.16.211/tor/server/fp/7494cb6b5c82725bafb6c1084dc0a1be76591b51
- http://83.##3.16.211/tor/server/fp/f4f605aa21c4633ccb5b8dbbc1ceee5c590c6dce
- DNS ASK ba####opstars.space
- DNS ASK ba####opstars.bar
- DNS ASK ap#.#pify.org
- '%PROGRAMDATA%\wlxmal\bxhotck.exe' start
- '%PROGRAMDATA%\wlxmal\bxhotck.exe' start' (со скрытым окном)