Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'qdate' = 'C:\Users\Public\Documents\Applicationtcpaa.exe'
- %TEMP%\qxx.zip
- C:\users\public\documents\isllts.dll
- %TEMP%\<File name>.txt
- C:\users\public\documents\sjsw.log
- C:\users\public\documents\sjwback.dat
- <PATH_SAMPLE>.txt
- C:\users\public\documents\qxxback.dat
- %TEMP%\holdmecache.txt
- C:\users\public\documents\second.exe
- from <Full path to file> to C:\users\public\documents\applicationtcpaa.exe
- '45.##9.55.39':80
- '10#.#9.103.58':3366
- http://45.##9.55.39/64.txt
- http://45.##9.55.39/6644/zy.txt
- http://45.##9.55.39/6644/tp/zqd.png
- http://45.##9.55.39/6644/tp/cfwd3.png
- http://45.##9.55.39/6644/cdyxf.png
- '%WINDIR%\syswow64\notepad.exe' %TEMP%\<File name>.txt