Technical Information
- %APPDATA%\9kdl4vkcy0\word 2016.lnk
- C:\users\public\<File name>.exe
- %TEMP%\_config.exe
- %TEMP%\_config.inf
- %TEMP%\hi-003_2h3ddrskeg\_config.lnk
- %TEMP%\regworkshop.ini
- %TEMP%\_config.inf
- %TEMP%\_config.exe
- %TEMP%\hi-003_2h3ddrskeg\_config.lnk
- %TEMP%\regworkshop.ini
- '12#.#2.23.71':8888
- '12#.#2.23.71':8848
- http://12#.##.23.71:8888/asd via 12#.#2.23.71
- '12#.#2.23.71':8848
- '%TEMP%\_config.exe' /s "%TEMP%\_config.inf"
- 'C:\users\public\<File name>.exe'