Technical Information
- %APPDATA%\tyhgfds.exe
- %TEMP%\tgrfedc.txt
- %PROGRAMDATA%\nnqnmntxqup\8372422.txt
- %PROGRAMDATA%\nnqnmntxqup\files\_information.txt
- %PROGRAMDATA%\nnqnmntxqup\46173476.txt
- %PROGRAMDATA%\nnqnmntxqup\nl_2020_06_13___00_56___eivm_95.211.190.199.zip
- http://rr###ad04.top/download.php?fi########
- http://rr###ad04.top/downfiles/6.exe
- http://ip##pi.com/line/
- http://ip##pi.com/line
- DNS ASK rr###ad04.top
- DNS ASK ip##pi.com
- DNS ASK ip###ger.org
- DNS ASK 2n#.co
- ClassName: 'AutoHotkey' WindowName: '<Full path to file>'
- '%APPDATA%\tyhgfds.exe'
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q %PROGRAMDATA%\nnqnmntxqup & timeout 2 & del /f /q "%APPDATA%\tyhgfds.exe" (with hidden window)
- '%WINDIR%\syswow64\timeout.exe' 2