Technical Information
- %WINDIR%\tasks\mgcwsp.job
- <SYSTEM32>\tasks\mgcwsp
- %PROGRAMDATA%\qtwbfi\mgcwsp.exe
- 'ad###og179.xyz':4044
- 'xa###log279.xyz':4044
- DNS ASK ad###og179.xyz
- DNS ASK xa###log279.xyz
- '%PROGRAMDATA%\qtwbfi\mgcwsp.exe' start
- '%PROGRAMDATA%\qtwbfi\mgcwsp.exe' start' (with hidden window)