Technical information
- %WINDIR%\tasks\ggbvq.job
- <SYSTEM32>\tasks\ggbvq
- %PROGRAMDATA%\tcipwf\ggbvq.exe
- http://17#.#5.193.9/tor/status-vote/current/consensus
- http://14#.#10.164.228/tor/server/fp/bed0c8bf41c12e4d5681fcd2fed6599d9f3dc12c
- http://14#.#10.164.228/tor/server/fp/6e1588e440a45388033ac84b6839800c23938c9d
- DNS ASK gm###r23.xyz
- DNS ASK sc####tat14tp.xyz
- DNS ASK ap#.#pify.org
- '%PROGRAMDATA%\tcipwf\ggbvq.exe' start
- '%PROGRAMDATA%\tcipwf\ggbvq.exe' start' (with a hidden window)