Technical Information
- %WINDIR%\notepad.exe
- iexplore.exe
- %PROGRAMDATA%\tmp\tsakhost.jpg\1.ling
- %PROGRAMDATA%\tmp\yh.jpg\11.ling
- %PROGRAMDATA%\tmp\yh.jpg\2.ling
- %PROGRAMDATA%\tmp\yh.jpg\15.ling
- %PROGRAMDATA%\tmp\yh.jpg\16.ling
- %PROGRAMDATA%\tmp\yh.jpg\5.ling
- %PROGRAMDATA%\tmp\yh.jpg\3.ling
- %PROGRAMDATA%\tmp\yh.jpg\4.ling
- %PROGRAMDATA%\doseos.exe
- %PROGRAMDATA%\tmp\yh.jpg\1.ling
- %PROGRAMDATA%\tmp\yh.jpg\10.ling
- %PROGRAMDATA%\tmp\btc.jpg\15.ling
- %PROGRAMDATA%\tmp\btc.jpg\14.ling
- %PROGRAMDATA%\tmp\btc.jpg\13.ling
- %PROGRAMDATA%\tmp\btc.jpg\12.ling
- %PROGRAMDATA%\tmp\btc.jpg\7.ling
- %PROGRAMDATA%\tmp\btc.jpg\10.ling
- %PROGRAMDATA%\tmp\btc.jpg\11.ling
- %PROGRAMDATA%\tmp\btc.jpg\8.ling
- <Current directory>\btc.jpg
- %PROGRAMDATA%\tmp\fxtxt.jpg\2.ling
- %PROGRAMDATA%\tmp\yh.jpg\6.ling
- %PROGRAMDATA%\tmp\nb.jpg\13.ling
- %PROGRAMDATA%\tmp\nb.jpg\12.ling
- %PROGRAMDATA%\tmp\nb.jpg\14.ling
- %PROGRAMDATA%\tmp\nb.jpg\15.ling
- %PROGRAMDATA%\tmp\nb.jpg\6.ling
- %PROGRAMDATA%\tmp\nb.jpg\8.ling
- %PROGRAMDATA%\tmp\nb.jpg\2.ling
- %PROGRAMDATA%\tmp\nb.jpg\1.ling
- %PROGRAMDATA%\tmp\nb.jpg\4.ling
- %PROGRAMDATA%\tmp\nb.jpg\3.ling
- %PROGRAMDATA%\tmp\nb.jpg\7.ling
- %PROGRAMDATA%\tmp\nb.jpg\10.ling
- %PROGRAMDATA%\office1.exe
- <Current directory>\yh.jpg
- %PROGRAMDATA%\tmp\yh.jpg\8.ling
- %PROGRAMDATA%\tmp\yh.jpg\14.ling
- %PROGRAMDATA%\tmp\yh.jpg\7.ling
- %PROGRAMDATA%\tmp\yh.jpg\9.ling
- %PROGRAMDATA%\tmp\yh.jpg\13.ling
- %PROGRAMDATA%\tmp\btc.jpg\9.ling
- %PROGRAMDATA%\tmp\btc.jpg\16.ling
- %PROGRAMDATA%\tmp\btc.jpg\6.ling
- %PROGRAMDATA%\tmp\btc.jpg\5.ling
- %PROGRAMDATA%\tmp\btc.jpg\2.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\10.ling
- C:\users\public\ergee.txt
- %PROGRAMDATA%\prtoolsd.exe
- <Current directory>\tsakhost.jpg
- %PROGRAMDATA%\tmp\tsakhost.jpg\15.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\14.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\13.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\12.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\11.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\8.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\3.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\9.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\7.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\6.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\3.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\2.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\16.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\5.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\4.ling
- %PROGRAMDATA%\tmp\nb.jpg\11.ling
- %PROGRAMDATA%\tmp\yh.jpg\12.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\4.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\6.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\1.ling
- %PROGRAMDATA%\tmp\btc.jpg\1.ling
- %PROGRAMDATA%\tmp\btc.jpg\4.ling
- %PROGRAMDATA%\tmp\btc.jpg\3.ling
- %PROGRAMDATA%\eqhvgasmfy\cfg
- %PROGRAMDATA%\eqhvgasmfy\cfgi
- C:\users\public\ggghh43.txt
- %PROGRAMDATA%\fcc.exe
- <Current directory>\fxtxt.jpg
- %PROGRAMDATA%\tmp\fxtxt.jpg\16.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\15.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\14.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\13.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\12.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\10.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\11.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\9.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\8.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\7.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\5.ling
- %PROGRAMDATA%\tmp\nb.jpg\16.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\1.ling
- %PROGRAMDATA%\tmp\yh.jpg\16.ling
- %PROGRAMDATA%\tmp\yh.jpg\15.ling
- %PROGRAMDATA%\tmp\yh.jpg\14.ling
- %PROGRAMDATA%\tmp\yh.jpg\13.ling
- %PROGRAMDATA%\tmp\yh.jpg\12.ling
- %PROGRAMDATA%\tmp\yh.jpg\11.ling
- %PROGRAMDATA%\tmp\yh.jpg\10.ling
- %PROGRAMDATA%\tmp\btc.jpg\9.ling
- %PROGRAMDATA%\tmp\yh.jpg\3.ling
- %PROGRAMDATA%\tmp\btc.jpg\8.ling
- %PROGRAMDATA%\tmp\btc.jpg\7.ling
- %PROGRAMDATA%\tmp\btc.jpg\6.ling
- %PROGRAMDATA%\tmp\btc.jpg\5.ling
- %PROGRAMDATA%\tmp\btc.jpg\4.ling
- %PROGRAMDATA%\tmp\btc.jpg\3.ling
- %PROGRAMDATA%\tmp\yh.jpg\1.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\6.ling
- %PROGRAMDATA%\tmp\yh.jpg\4.ling
- %PROGRAMDATA%\tmp\nb.jpg\6.ling
- %PROGRAMDATA%\tmp\nb.jpg\4.ling
- %PROGRAMDATA%\tmp\nb.jpg\3.ling
- %PROGRAMDATA%\tmp\nb.jpg\2.ling
- %PROGRAMDATA%\tmp\nb.jpg\16.ling
- %PROGRAMDATA%\tmp\nb.jpg\15.ling
- %PROGRAMDATA%\tmp\nb.jpg\14.ling
- %PROGRAMDATA%\tmp\btc.jpg\2.ling
- %PROGRAMDATA%\tmp\yh.jpg\2.ling
- %PROGRAMDATA%\tmp\nb.jpg\11.ling
- %PROGRAMDATA%\tmp\nb.jpg\10.ling
- %PROGRAMDATA%\tmp\nb.jpg\1.ling
- %PROGRAMDATA%\tmp\yh.jpg\9.ling
- %PROGRAMDATA%\tmp\yh.jpg\8.ling
- %PROGRAMDATA%\tmp\yh.jpg\7.ling
- %PROGRAMDATA%\tmp\yh.jpg\6.ling
- %PROGRAMDATA%\tmp\nb.jpg\12.ling
- %PROGRAMDATA%\tmp\yh.jpg\5.ling
- %PROGRAMDATA%\tmp\btc.jpg\16.ling
- %PROGRAMDATA%\tmp\btc.jpg\15.ling
- %PROGRAMDATA%\tmp\btc.jpg\14.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\2.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\9.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\8.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\7.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\6.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\5.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\4.ling
- %PROGRAMDATA%\tmp\nb.jpg\7.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\10.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\16.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\15.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\14.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\13.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\12.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\11.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\10.ling
- %PROGRAMDATA%\tmp\tsakhost.jpg\3.ling
- %PROGRAMDATA%\tmp\nb.jpg\13.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\11.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\14.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\12.ling
- %PROGRAMDATA%\tmp\btc.jpg\13.ling
- %PROGRAMDATA%\tmp\btc.jpg\12.ling
- %PROGRAMDATA%\tmp\btc.jpg\11.ling
- %PROGRAMDATA%\tmp\btc.jpg\10.ling
- %PROGRAMDATA%\tmp\btc.jpg\1.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\9.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\13.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\8.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\1.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\5.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\4.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\3.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\2.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\16.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\15.ling
- %PROGRAMDATA%\tmp\fxtxt.jpg\7.ling
- %PROGRAMDATA%\tmp\nb.jpg\8.ling
- %PROGRAMDATA%\tmp\yh.jpg\9.ling
- %PROGRAMDATA%\tmp\yh.jpg\8.ling
- %PROGRAMDATA%\tmp\yh.jpg\4.ling
- %PROGRAMDATA%\tmp\yh.jpg\7.ling
- %PROGRAMDATA%\tmp\yh.jpg\3.ling
- %PROGRAMDATA%\tmp\yh.jpg\6.ling
- %PROGRAMDATA%\tmp\yh.jpg\1.ling
- %PROGRAMDATA%\tmp\yh.jpg\2.ling
- %PROGRAMDATA%\tmp\yh.jpg\5.ling
- %PROGRAMDATA%\tmp\yh.jpg\16.ling
- %PROGRAMDATA%\tmp\yh.jpg\14.ling
- %PROGRAMDATA%\tmp\yh.jpg\15.ling
- %PROGRAMDATA%\tmp\yh.jpg\13.ling
- %PROGRAMDATA%\tmp\yh.jpg\11.ling
- %PROGRAMDATA%\tmp\yh.jpg\10.ling
- %PROGRAMDATA%\tmp\yh.jpg\12.ling
- http://my###saat.xyz/tsakhost.jpg
- http://xm#.##rongapt.life/xmr.txt
- http://my###saat.xyz/fxtxt.jpg
- http://my###saat.xyz/btc.jpg
- http://my###saat.xyz/yh.jpg
- http://rs#.##websaat.xyz/yh.jpg
- http://my###saat.xyz/nb.jpg
- DNS ASK my###saat.xyz
- DNS ASK up##ad.ee
- DNS ASK xm#.##rongapt.life
- DNS ASK xm#####.nanopool.org
- DNS ASK rs#.##websaat.xyz
- '%PROGRAMDATA%\prtoolsd.exe'
- '%PROGRAMDATA%\fcc.exe'
- '%PROGRAMDATA%\doseos.exe'
- '%PROGRAMDATA%\office1.exe'
- '<SYSTEM32>\cmd.exe' /c set (with hidden window)
- '%WINDIR%\notepad.exe' -c "%PROGRAMDATA%\EQHvgaSMFY\cfg"
- '<SYSTEM32>\cmd.exe' /c set
- '%WINDIR%\notepad.exe' -c "%PROGRAMDATA%\EQHvgaSMFY\cfgi"