Technical Information
- %TEMP%\guaguadance.exe /S
- %TEMP%\guaguadance.exe (downloaded from the Internet)
- %TEMP%\guaguadance.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\guaguadance_6060000042[1]
- 'c.###gua.com.cn':80
- 'localhost':1037
- c.###gua.com.cn/c/guaguadance_6060000042
- DNS ASK c.###gua.com.cn
- ClassName: '#32770' WindowName: '????'