Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SKPFER' = '"%APPDATA%\Windata\CKGIXT.exe"'
- %APPDATA%\Windata\CKGIXT.exe
- %TEMP%\SKPFER.vbs
- 'ip##i.co':443
- 'he####e.dynns.com':4000
- DNS ASK ip##i.co
- DNS ASK he####e.dynns.com
- '<SYSTEM32>\wscript.exe' %TEMP%\SKPFER.vbs