Technical Information
- %WINDIR%\syswow64\netbtugc.exe
- %WINDIR%\syswow64\cmd.exe
- <Current directory>\dbkoztjoj.exe
- <Current directory>\config.ini
- from <Full path to file> to %TEMP%\dbkoztjoj\....\dbkoztjoj
- 'o4##2f.cn':1219
- 'o4##2f.cn':9004
- http://o4###f.cn:1219/Data/A31C3U6HmidtnmhCQj8abp01YsrKD3VNbQ9DYPkALg25kfVu0yThdwo9ZOF33q9EOZ4iXmkamuQhz1ZVdleXn6wS3le4gxnGMCUNfuQ8viVREyU6HcSjtr6y32303231C4EA37D4C238C8D533CAB133B7D63439C3EB.t...
- http://o4###f.cn:1219/001/Tips.txt?46#### via o4##2f.cn
- http://o4###f.cn:9004/HttpApiGb.ashx?ac################# via o4##2f.cn
- DNS ASK o4##2f.cn
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'CrossFire' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' (with hidden window)
- '%WINDIR%\syswow64\netbtugc.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\netbtugc.exe'