Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{ACADABAE-1101-0010-8001-00AA006D2EA8}' = ''
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\9vtan.dll
- <SYSTEM32>\9vad.bat
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\gg[1].gif
- %TEMP%\9vad.tmp
- 'localhost':1038
- 'qq.##711.com':80
- http://qq.##711.com/qq/gg.gif
- DNS ASK qq.##711.com
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\9vad.bat
- '<SYSTEM32>\attrib.exe' -h -s -r -a <SYSTEM32>\9vad.bat
- '%WINDIR%\sleep.exe' 3000