Technical Information
- <SYSTEM32>\tasks\<File name>
- <SYSTEM32>\tasks\editimage
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\startup\editimage.lnk
- C:\recovery\editimage.exe
- <Full path to file>
- '12#.#0.12.181':8888
- '12#.#0.12.181':6666
- 'zh####s.ipshu.com':443
- 'oc##.##ust-provider.cn':80
- http://oc##.##ust-provider.cn/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQDhvjmfMdSVsHZ9u52p9jqu3rd8gQUXzp8ERB%2BDGdxYdyLo7UAA2f1VxwCEQC2B52AzlDX1r7UsJRUZ6J5
- DNS ASK zh####s.ipshu.com
- DNS ASK oc##.##ust-provider.cn
- 'C:\recovery\editimage.exe'