Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kabuto' = '<Full path to file>'
- <SYSTEM32>\tasks\kabuto
- <Current directory>\kabuto_debug.txt
- 'ap#.#abuto.io':443
- 'pk#.goog':80
- 'sy###omsp.com':443
- http://pk#.goog/gsr1/gsr1.crt
- 'ap#.#abuto.io':443
- 'sy###omsp.com':443
- DNS ASK ap#.#abuto.io
- DNS ASK pk#.goog
- DNS ASK sy###omsp.com