Technical Information
- <SYSTEM32>\services.exe
- %WINDIR%\Explorer.EXE
- C:\RECYCLER\S-1-5-18\$2ebe1c2e2a38cb36436c4d1cb8c2630c\o
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\$ID2D7CE11
- C:\RECYCLER\S-1-5-18\$2ebe1c2e2a38cb36436c4d1cb8c2630c\@
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\$2ebe1c2e2a38cb36436c4d1cb8c2630c\@
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\$2ebe1c2e2a38cb36436c4d1cb8c2630c\o
- from <Full path to virus> to C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\$RD2D7CE11
- '20#.#8.32.176':80
- 'j.###mind.com':80
- 20#.#8.32.176/count.php?pa################################
- j.###mind.com/app/geoip.js
- DNS ASK j.###mind.com