Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\winnetwork.exe
- %ALLUSERSPROFILE%\7zxa.dll
- %ALLUSERSPROFILE%\data\data.7z
- %ALLUSERSPROFILE%\data\config.txt
- %ALLUSERSPROFILE%\data\name.txt
- %ALLUSERSPROFILE%\data\process.txt
- %ALLUSERSPROFILE%\data\database.exe
- '%ALLUSERSPROFILE%\data\database.exe' -epool eth-eu1.nanopool.org:9999 -ewal 0x3d1d2c2513e437b7782e35fb1ee0d288af5eacd1 -worker Zavod228 -epsw password666 -mode 1 -Rmode 1 -log 0 -mport 0 -etha 0 -retrydelay 1 -ftime 60 -tt 60 -tst...
- '%ALLUSERSPROFILE%\data\database.exe' -epool eth-eu1.nanopool.org:9999 -ewal 0x3d1d2c2513e437b7782e35fb1ee0d288af5eacd1 -worker Zavod228 -epsw password666 -mode 1 -Rmode 1 -log 0 -mport 0 -etha 0 -retrydelay 1 -ftime 60 -tt 60 -tst... (with hidden window)