Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'qdatem' = 'C:\Users\Public\Documents\Applicationolicw.exe'
- C:\users\public\documents\aeehy.dll
- %TEMP%\<File name>.txt
- C:\users\public\documents\sjsw.log
- %APPDATA%\temp\netbase.dat
- <PATH_SAMPLE>.txt
- from <Full path to file> to C:\users\public\019019\applicationolicw.exe
- '45.##7.45.194':80
- '45.##7.45.197':80
- 'sh##1.top':3367
- http://45.##7.45.194/6661/zy.txt
- http://45.##7.45.197/6661/cdyxf.png
- DNS ASK sh##1.top
- '%WINDIR%\syswow64\notepad.exe' %TEMP%\<File name>.txt