Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\chunxpdeu.exe
- %TEMP%\s.bat
- %TEMP%\<File name>.exe.pid
- '18#.#91.32.170':8888
- http://18#.##1.32.170:8888/project/active via 18#.#91.32.170
- http://18#.##1.32.170:8888/bots/chkVersion?cu#################### via 18#.#91.32.170
- http://18#.##1.32.170:8888/gw?wo########## via 18#.#91.32.170
- http://18#.##1.32.170:8888/gw?wo##### via 18#.#91.32.170
- '%WINDIR%\syswow64\cmd.exe' /Q /C %LOCALAPPDATA%\Temp/s.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /Q /C %LOCALAPPDATA%\Temp/s.bat