Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'qdatem' = 'C:\Users\Public\Documents\Applicationyfsmx.exe'
- C:\Documents\user\locals~1\temp\<File name>.txt
- %APPDATA%\temp\netbase.dat
- <PATH_SAMPLE>.txt
- from <Full path to file> to C:\users\public\916726\applicationyfsmx.exe
- '45.##7.44.197':80
- http://45.##7.44.197/3333/zy.txt
- '<SYSTEM32>\notepad.exe' C:\DOCUME~1\user\LOCALS~1\Temp\<File name>.txt