Technical Information
- "%TEMP%\tb.exe" (downloaded from the Internet)
- "%TEMP%\warshb.exe" (downloaded from the Internet)
- "%TEMP%\ic.exe" (downloaded from the Internet)
- "%TEMP%\astro.exe" (downloaded from the Internet)
- "%TEMP%\gang.exe" (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\tb[1].exe
- %TEMP%\ic.exe
- %TEMP%\tb.exe
- %TEMP%\warshb.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\warshb[1].exe
- %TEMP%\astro.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\astro[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\gang[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\ic[1].exe
- %TEMP%\gang.exe
- 'ne##ooba.tk':80
- 'localhost':1037
- ne##ooba.tk/file/tb.exe
- ne##ooba.tk/file/warshb.exe
- ne##ooba.tk/file/ic.exe
- ne##ooba.tk/file/astro.exe
- ne##ooba.tk/file/gang.exe
- DNS ASK ne##ooba.tk