Technical Information
- <SYSTEM32>\tasks\plans powerful empower
- C:\users\public\documents\go80a\d0hx5sujk.exe
- C:\users\public\documents\go80a\d0hx5sujk.dat
- C:\users\public\documents\go80a\edge.xml
- C:\users\public\documents\go80a\edge.jpg
- %TEMP%\_ir_tu2_temp_0\_tuprojdt.dat
- %TEMP%\_ir_tu2_temp_0\irimg1.jpg
- %TEMP%\_ir_tu2_temp_0\irimg2.jpg
- %TEMP%\_ir_tu2_temp_0\irimg3.jpg
- %TEMP%\_ir_tu2_temp_0\irimg4.jpg
- %TEMP%\xshell 6 update log.txt
- C:\users\public\documents\go80a\g6wfb.exe
- C:\users\public\documents\go80a\g6wfb.dat
- C:\xxxx.ini
- 'C:\users\public\documents\go80a\d0hx5sujk.exe'
- 'C:\users\public\documents\go80a\d0hx5sujk.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c echo.>c:\xxxx.ini' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c echo.>c:\xxxx.ini