Technical Information
- Registry autorun entry (Active Setup 'StubPath', which Windows can run at user logon): [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{880D8DB8-AD25-11D0-98A8-0800361B1170}] 'stubpath' = '<SYSTEM32>\config\aa.exe'
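- Process command line: '%WINDIR%\sleep.exe' 500
- Process command line: '<SYSTEM32>\cmd.exe' /c <Current directory>\a.bat
- Process command line: '<SYSTEM32>\config\dllhost.exe' (note the path: the genuine Windows dllhost.exe resides directly in <SYSTEM32>, not in <SYSTEM32>\config)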
- <Current directory>\a.bat
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\Count[1].asp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\config[1].txt
- %TEMP%\~DFAEBA.tmp
- %TEMP%\~DF9AA0.tmp
- <SYSTEM32>\config\dllhost.exe
- <SYSTEM32>\config\aa.exe
- %TEMP%\~DF9AA0.tmp (repeated from above; the page does not say which file operation each listing refers to)
- Network endpoint (host:port): 'ni#.#iuliuw.com':80
- Network endpoint (host:port): 'localhost':1037
- HTTP request URL: http://ni#.#iuliuw.com/asp/wenzj/config.txt
- HTTP request URL: http://ni#.#iuliuw.com/asp/wenzj/tj/Count.asp?ma####################################
- DNS ASK ni#.#iuliuw.com
- Window lookup: ClassName: 'Shell_TrayWnd' WindowName: ''
- Window lookup: ClassName: 'MS_WebcheckMonitor' WindowName: ''
- Window lookup: ClassName: 'MS_AutodialMonitor' WindowName: ''