Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.lnk
- %WINDIR%\tasks\bidaily synchronize task.job
- <SYSTEM32>\tasks\bidaily synchronize task
- %ALLUSERSPROFILE%\{e707289a-bb53-a620-e707-7289abb5a26a}\<File name>.exe
- %ALLUSERSPROFILE%\{e707289a-bb53-a620-e707-7289abb5a26a}\<File name>.dat
- 'gu###liban.info':80
- 'po####ve-models.com':80
- 'po####ve-models.net':80
- DNS ASK gu###liban.info
- DNS ASK po####ve-models.com
- DNS ASK po####ve-models.net