Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\GBQOTG.lnk
- %TEMP%\aut1.tmp
- %TEMP%\ZIQZJV.txt
- %APPDATA%\Windata\RWHWKA.exe
- %TEMP%\GBQOTG.vbs
- %TEMP%\aut1.tmp
- 'ip##i.co':443
- '12#.#99.166.6':7860
- DNS ASK ip##i.co
- '<SYSTEM32>\wscript.exe' %TEMP%\GBQOTG.vbs
- '<SYSTEM32>\notepad.exe' %TEMP%\ZIQZJV.txt