Technical Information
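- [<HKLM>\SYSTEM\ControlSet001\Services\Wsnivw cexeslks] 'ImagePath' = '%WINDIR%\dsawe.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Wsnivw cexeslks] 'Start' = '00000002'
  (These two values register '%WINDIR%\dsawe.exe' as a Windows service named 'Wsnivw cexeslks'; a 'Start' value of 2 is the automatic start type, so the service is launched at every boot.)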
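- C:\0.vbs
- %WINDIR%\dsawe.exe
- %HOMEPATH%\My Documents\Accrerr
- C:\0.vbs
- %HOMEPATH%\My Documents\Accrerr
  (Note: 'C:\0.vbs' and '%HOMEPATH%\My Documents\Accrerr' are listed twice. The sub-headings that would say which file operation each group of paths refers to are missing from this text, so the list shows only that these paths were touched, not what was done to them.)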
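- 'gu######2476.blog.163.com':80
- 'qq#####60160.f3322.org':15952
- 'bl##.#ina.com.cn':80
- 'hm.##niji.cc':80
  (Note: the '#' characters in the host names here, and in the URLs and DNS queries below, appear to be masking applied by the publisher rather than part of the names, so the entries cannot be used as exact-match indicators as printed. Three of the four endpoints use port 80; the f3322.org host is the only one on a non-standard port, 15952.)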
- http://gu######2476.blog.163.com/blog/static/2524110192015727113340924/
- http://hm.##niji.cc/asp3.8/fwqlj.asp
- http://bl##.#ina.com.cn/s/blog_13ebd4c900102vreb.html
- DNS ASK gu######2476.blog.163.com
- DNS ASK qq#####60160.f3322.org
- DNS ASK bl##.#ina.com.cn
- DNS ASK hm.##niji.cc
- ClassName: '' WindowName: ''
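- '<SYSTEM32>\wscript.exe' "C:\0.vbs"
- '%WINDIR%\dsawe.exe'
- '%HOMEPATH%\My Documents\Accrerr'
  (Note: the first entry is a full command line: 'C:\0.vbs' is run through the Windows Script Host, wscript.exe. The other two are paths listed earlier on this page, '%WINDIR%\dsawe.exe' being the service image.)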