Technical Information

Reviewer note: the entries below read as a behaviour record of the sample, listed in order as dropped/created files (mostly under %TEMP% and the IE cache folder, several marked as downloaded from the Internet), command lines executed, further file paths, host:port connections, HTTP request URLs, DNS queries and window class names. Points worth noting from the command lines: the registry import `regedit.exe /s %TEMP%\ie.reg` runs silently (the `.reg` content appears to arrive as `ie[1].txt` / `go/ie.txt`), the `.bat` and `.vbs` stages are launched through `cmd.exe /c` and `wscript.exe`, and `taskkill /f /im explorer.exe` is followed by a relaunch of explorer.exe. Hostnames and the IP address are partially masked with `#` in this listing, so they cannot be used verbatim as block-list indicators; the long `g1.….google.baidu.com.baidu163so.info` name is a lookalike whose registrable domain is `baidu163so.info`, not google.com or baidu.com.
- '%TEMP%\guagua4397.exe'
- '%TEMP%\uaua4397.exe'
- '%TEMP%\pi4397.exe'
- '%TEMP%\gou4397.exe'
- '%TEMP%\bbtbb.exe'
- '%TEMP%\page.vbs'
- '%TEMP%\xing.vbs'
- '%TEMP%\xing.vbs' (downloaded from the Internet)
- '%TEMP%\pi4397.exe' (downloaded from the Internet)
- '%TEMP%\gou4397.exe' (downloaded from the Internet)
- '%TEMP%\page.vbs' (downloaded from the Internet)
- '%TEMP%\bbtbb.exe' (downloaded from the Internet)
- '%TEMP%\guagua4397.exe' (downloaded from the Internet)
- '%TEMP%\uaua4397.exe' (downloaded from the Internet)
- '%WINDIR%\regedit.exe' /s %TEMP%\ie.reg
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\pi.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\gou.bat" "
- '<SYSTEM32>\wscript.exe' "%TEMP%\safe.vbs"
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\taskkill.exe' /f /im explorer.exe
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\pagepage.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\xingxing.bat" "
- '<SYSTEM32>\wscript.exe' "%TEMP%\bbtbb.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\guagua.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ua2.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\dian.bat" "
- %WINDIR%\Explorer.EXE
- %TEMP%\guagua.bat
- %TEMP%\guagua4397.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\19853[1]
- %TEMP%\gou4397.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gou4397[1].exe
- %TEMP%\uaua4397.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\uaua4397[1].exe
- %TEMP%\ua2.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\guagua4397[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\19856[1]
- %TEMP%\ie.reg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ie[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\19858[1]
- %TEMP%\safe.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\safe[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\19859[1]
- %TEMP%\gou.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\pi4397[1].exe
- %TEMP%\pi.bat
- %TEMP%\pi4397.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\4[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\3[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\5[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xing[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\6[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index8[1].htm
- %TEMP%\bbtbb.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\tb[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\2[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\1[1].ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\bbtbb[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\19885[1]
- %TEMP%\bbtbb.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\19887[1]
- %TEMP%\dian.bat
- %TEMP%\xingxing.bat
- %TEMP%\xing.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\page[1].txt
- %TEMP%\pagepage.bat
- %TEMP%\page.vbs
- 'www.19##6.info':80
- '22#.#17.240.30':80
- 'www.19##3.info':80
- 'www.19##8.info':80
- 'www.19##9.info':80
- 'www.19##7.info':80
- 'localhost':1038
- 'localhost':1037
- 'www.xs##.info':80
- 'www.19##5.info':80
- 'g1.#####.####u.google.baidu.com.baidu163so.info':80
- 22#.#17.240.30/soft/guagua4397.exe
- www.19##3.info/?gg
- www.19##6.info/?gg
- www.19##7.info/?gg
- 22#.#17.240.30/soft/uaua4397.exe
- 22#.#17.240.30/soft/gou4397.exe
- www.19##8.info/?gg
- g1.#####.####u.google.baidu.com.baidu163so.info/go/safe.txt
- g1.#####.####u.google.baidu.com.baidu163so.info/go/ie.txt
- www.19##9.info/?gg
- 22#.#17.240.30/soft/pi4397.exe
- g1.#####.####u.google.baidu.com.baidu163so.info/dy/bbtbb.html
- g1.#####.####u.google.baidu.com.baidu163so.info/ico/2.ico
- g1.#####.####u.google.baidu.com.baidu163so.info/ico/3.ico
- g1.#####.####u.google.baidu.com.baidu163so.info/ico/1.ico
- www.xs##.info/index8.htm
- g1.#####.####u.google.baidu.com.baidu163so.info/ico/tb.ico
- g1.#####.####u.google.baidu.com.baidu163so.info/ico/4.ico
- g1.#####.####u.google.baidu.com.baidu163so.info/go/page.txt
- www.19##5.info/?gg
- g1.#####.####u.google.baidu.com.baidu163so.info/dy/xing.txt
- g1.#####.####u.google.baidu.com.baidu163so.info/ico/5.ico
- g1.#####.####u.google.baidu.com.baidu163so.info/ico/6.ico
- DNS ASK www.19##3.info
- DNS ASK www.19##6.info
- DNS ASK www.19##8.info
- DNS ASK www.19##9.info
- DNS ASK g1.#####.####u.google.baidu.com.baidu163so.info
- DNS ASK www.xs##.info
- DNS ASK www.19##7.info
- DNS ASK www.19##5.info
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'
- ClassName: 'Proxy Desktop' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'BaseBar' WindowName: 'ChanApp'
- ClassName: 'CSCHiddenWindow' WindowName: '(null)'
- ClassName: 'SystemTray_Main' WindowName: '(null)'
- ClassName: 'SysListView32' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'IEFrame' WindowName: '(null)'
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'