Technical information
- [<HKLM>\System\CurrentControlSet\Services\WinDivert1.1] 'ImagePath' = '%TEMP%\3jm3tucf9v\WinDivert64.sys'
- C:\usr\local\etc\kmgkvdb\8ea1d8a86c03064c2b431bd1a66893a7
- %TEMP%\b4j5eawpb8.txt
- %APPDATA%\kmg\fh97xm8zmf\c987266b12640d4b45d638ced6dde110
- %TEMP%\3jm3tucf9v\windivert32.dll
- %TEMP%\3jm3tucf9v\windivert64.sys
- %APPDATA%\kmg\e8vecdvdd6\502c17fc94944daf6564c73c2e96626a
- %APPDATA%\kmg\e8vecdvdd6\5b12bbb07c8a974f6e56c9749f01027b
- %APPDATA%\kmg\e8vecdvdd6\9d8418c1c3cdacd496732276dc27c727
- %WINDIR%\temp\udd9915.tmp
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 2 "<Full path to file>"