Technical Information
- YY.exe
- <Current directory>\RCX4.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\yyroom[1].txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\yyroom1[1].txt
- <Current directory>\YY.exe{E13363D3-DA0E-46a3-B31A-789536CFC289}
- <Full path to file>{4DDC4041-5B19-49de-8F79-BEFF3AD2BB63}
- <Current directory>\RCX2.tmp
- <Current directory>\YY.exe
- <Current directory>\YY.exe
- <Current directory>\YY.exe{E13363D3-DA0E-46a3-B31A-789536CFC289}
- <Full path to file>{4DDC4041-5B19-49de-8F79-BEFF3AD2BB63}
- from <Current directory>\YY.exe to %TEMP%\_@3.tmp
- from <Full path to file> to %TEMP%\_@1.tmp
- <Current directory>\YY.exe{E13363D3-DA0E-46a3-B31A-789536CFC289}
- <Current directory>\YY.exe
- <Full path to file>{4DDC4041-5B19-49de-8F79-BEFF3AD2BB63}
- <Full path to file>
- 'pi##iuwu.cn':80
- 'yy##l.com':80
- http://pi##iuwu.cn/yyroom1.txt
- http://yy##l.com/yyroom.txt
- DNS ASK pi##iuwu.cn
- DNS ASK yy##l.com
- '<Current directory>\YY.exe'