Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\purple.exe
- <Full path to file>
- %PROGRAMDATA%\sh.txt
- %APPDATA%\microsoft\windows\start menu\programs\startup\purple.exe
- '<SYSTEM32>\cmd.exe' /k "curl ipinfo.io > C:\\ProgramData\\tthclffytot_362020-20H27M30Scurl.txt & exit"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c RD /S /Q %APPDATA%\Mozilla\Firefox\Profiles\\storage\default
- '<SYSTEM32>\cmd.exe' /k "curl ipinfo.io > C:\\ProgramData\\tthclffytot_362020-20H27M30Scurl.txt & exit"