Technical Information
- %WINDIR%\tasks\fkfxq.job
- <SYSTEM32>\tasks\fkfxq
- %PROGRAMDATA%\viuvvw\fkfxq.exe
- http://19#.#09.206.212/tor/status-vote/current/consensus
- http://20#.#3.164.118/tor/status-vote/current/consensus
- http://13#.#88.40.189/tor/status-vote/current/consensus
- http://79.##2.28.205/tor/server/fp/803fb98ba0fe1709c087e9138cc6096f22083ca5
- http://79.##2.28.205/tor/server/fp/fe00a3a835680e67fbbc895a724e2657bb253e97
- http://79.##2.28.205/tor/server/fp/80f9ac81e0c64c6cfebe264522c545604f2c4361
- http://79.##2.28.205/tor/server/fp/1b9facf25e17d26e307ea7cfa7d455b144b032e5
- DNS ASK ad###t127ds.xyz
- DNS ASK ad###ace147.xyz
- DNS ASK ap#.#pify.org
- '%PROGRAMDATA%\viuvvw\fkfxq.exe' start
- '%PROGRAMDATA%\viuvvw\fkfxq.exe' start' (with hidden window)