Technical Information
- YY.exe
- <Current directory>\RCX4.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\yyroom[1].txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\yyroom1[1].txt
- <Current directory>\YY.exe{CC0EEF9C-D8C2-4981-BABE-1ED1A0CDA1D2}
- <Full path to file>{F6E16956-5482-4ab5-B633-8162E145BD05}
- <Current directory>\RCX2.tmp
- <Current directory>\YY.exe
- <Current directory>\YY.exe
- <Current directory>\YY.exe{CC0EEF9C-D8C2-4981-BABE-1ED1A0CDA1D2}
- <Full path to file>{F6E16956-5482-4ab5-B633-8162E145BD05}
- from <Current directory>\YY.exe to %TEMP%\_@3.tmp
- from <Full path to file> to %TEMP%\_@1.tmp
- <Current directory>\YY.exe{CC0EEF9C-D8C2-4981-BABE-1ED1A0CDA1D2}
- <Current directory>\YY.exe
- <Full path to file>{F6E16956-5482-4ab5-B633-8162E145BD05}
- <Full path to file>
- 'pi##iuwu.cn':80
- http://pi##iuwu.cn/yyroom1.txt
- http://pi##iuwu.cn/yyroom.txt
- DNS ASK pi##iuwu.cn
- '<Current directory>\YY.exe'