Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{E7D9FF09-D55C-7FCC-27CA-4EEC9FDBC04C}' = '%APPDATA%\kfCciqHj\XaBhHrzR\wDEefzhY\VpBbpGgVX.exe'
- %WINDIR%\Tasks\{E7D9FF09-D55C-7FCC-27CA-4EEC9FDBC04C}.job
- '%APPDATA%\kfCciqHj\XaBhHrzR\wDEefzhY\VpBbpGgVX.exe'
- %APPDATA%\kfCciqHj\XaBhHrzR\wDEefzhY\VpBbpGgVX.exe
- 'ta###peri.party':80
- 'li#####cksreport.com':80
- 'vi#####gladiator.com':443
- 'lo####kibogi.com':80
- http://li#####cksreport.com/Lo8Hb4RfoLk/scaning.php
- http://ta###peri.party/Lo8Hb4RfoLk/scaning.php
- http://lo####kibogi.com/Lo8Hb4RfoLk/scaning.php
- DNS ASK ta###peri.party
- DNS ASK li#####cksreport.com
- DNS ASK vi#####gladiator.com
- DNS ASK lo####kibogi.com