Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Yyicgcc' = '%TEMP%\regedit.exe'
- %WINDIR%\syswow64\notepad.exe
- %TEMP%\regedit.exe
- from %TEMP%\regedit.exe to %CommonProgramFiles(x86)%\Гїv›Г»wõà wВ¬Г.exe
- 'ta##ao.com':443
- '22#.#11.73.134':11888
- '22#.#11.73.134':88
- '19#.#6.27.26':1588
- http://22#.##1.73.134:88/hacker/regedit.exe via 22#.#11.73.134
- 'ta##ao.com':443
- '22#.#11.73.134':11888
- '19#.#6.27.26':1588
- DNS ASK ta##ao.com
- DNS ASK wo###.taobao.com
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%TEMP%\regedit.exe'
- '%TEMP%\regedit.exe' ' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe' ' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe'