Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinDivert1.1] 'ImagePath' = '%TEMP%\3jm3tucf9v\WinDivert64.sys'
- 'WinDivert1.1' %TEMP%\3jm3tucf9v\WinDivert64.sys
- %TEMP%\b4j5eawpb8.txt
- %APPDATA%\kmg\fh97xm8zmf\c987266b12640d4b45d638ced6dde110
- %APPDATA%\kmg\e8vecdvdd6\e9decfb2e6516318d8ac2056eb0b2cfa
- %APPDATA%\kmg\e8vecdvdd6\2794342b47e489932af0c0dff32fd16e
- %TEMP%\3jm3tucf9v\windivert32.dll
- %TEMP%\3jm3tucf9v\windivert64.sys
- %APPDATA%\kmg\e8vecdvdd6\6ebe55edcdac4dd0f2ab1ee4cbdf9aed
- %APPDATA%\cpt55z3yv2\data.mprqnf4brneh73shngum4w53
- %WINDIR%\temp\udd1525.tmp
- from %APPDATA%\cpt55z3yv2\data.mprqnf4brneh73shngum4w53 to %APPDATA%\cpt55z3yv2\data
- '10#.#99.231.130':20028
- '10#.#55.83.127':20028
- DNS ASK tb##et.com
- DNS ASK zq###x2q9a.com
- DNS ASK va###sh3.vip