Technical Information
- %TEMP%\tmp8004.vbs
- 'eg####.persiangig.com':80
- 'ce#.##rsiangig.com':80
- 'pe###angig.com':443
- 'go#####analytics.com':80
- http://eg####.persiangig.com/amir.txt
- http://eg####.persiangig.com/amir.txt/dl
- http://ce#.##rsiangig.com/dl2/style.css
- http://ce#.##rsiangig.com/dl2/images/logo.gif
- http://www.pe###angig.com/static-content/banners/vps.jpg
- http://v.####iangig.com/dl2/style.css
- http://v.####iangig.com/dl2/images/logo.gif
- http://ce#.##rsiangig.com/dl2/images/top-bg.gif
- http://www.go#####analytics.com/analytics.js
- http://v.####iangig.com/dl2/images/top-bg.gif
- http://ce#.##rsiangig.com/images/arrow.png
- http://ce#.##rsiangig.com/dl2/images/logo-tiny.gif
- http://v.####iangig.com/images/arrow.png
- http://v.####iangig.com/dl2/images/logo-tiny.gif
- 'pe###angig.com':443
- DNS ASK eg####.persiangig.com
- DNS ASK ce#.##rsiangig.com
- DNS ASK pe###angig.com
- DNS ASK v.####iangig.com
- DNS ASK go#####analytics.com
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\tmp8004.vbs"