Technical Information
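- <Drive name for removable media>:\»ЖЙ«µзУ°.exe (name shown as recorded; the Cyrillic-looking characters here and in the .url names below appear to be GBK-encoded Chinese text rendered under a Cyrillic code page, so the same file may display under a different name on hosts with another locale; match on the raw bytes as well as on this rendering)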
- %WINDIR%1\kk18_2176.exe (downloaded from the Internet) /SILENT
- %WINDIR%1\install15.exe (downloaded from the Internet) /S
- %WINDIR%\360\360.exe (downloaded from the Internet)
- %WINDIR%1\baidu.exe (downloaded from the Internet)
- %WINDIR%1\t58chat_374931.exe (downloaded from the Internet) /SILENT
- %WINDIR%1\FunshionInstall_C60423.exe (downloaded from the Internet) /S
- %WINDIR%1\coopen4397.exe (downloaded from the Internet)
- %WINDIR%1\9158chat_371184.exe (downloaded from the Internet) /SILENT
- <SYSTEM32>\wscript.exe "%TEMP%\god.vbs"
- %HOMEPATH%\Favorites\ХЅЅ«ґ«Жж.url
- %HOMEPATH%\Favorites\°БКУМмµШ.url
- %HOMEPATH%\Favorites\УсЦ®»к.url
- %HOMEPATH%\Favorites\ГО»ГРЮПЙ.url
- C:\»ЖЙ«µзУ°.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\dydy[1].exe
- %HOMEPATH%\Favorites\µЇµЇМГ.url
- %HOMEPATH%\Favorites\ДРРФЅЎїµНш.url
- %HOMEPATH%\Favorites\РФЦЄК¶КУЖµ.url
- %HOMEPATH%\Favorites\ФЪПЯВЧАн.url
- %HOMEPATH%\Favorites\ГАЕ®КУЖµ.url
- %HOMEPATH%\Favorites\·ІИЛРЮХж.url
- %HOMEPATH%\Favorites\·ЙМмОчУО.url
- %HOMEPATH%\Favorites\ГчіЇК±ґъ.url
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\baidu[1].exe
- %WINDIR%1\kk18_2176.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\kk18_2176[1].exe
- %WINDIR%1\baidu.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\baidu50[1]
- %WINDIR%\360\360.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\360[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\coopen4397[1].exe
- %WINDIR%1\9158chat_371184.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\9158chat_371184[1].exe
- %WINDIR%1\coopen4397.exe
- %WINDIR%1\install15.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\install15[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\dy2[1].html
- %HOMEPATH%\Favorites\іЙИЛР¦»°.url
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\zqxm[1]
- %HOMEPATH%\Favorites\БґЅУ\Ўф МФ±¦ґтХЫИИВф Ўф.url
- %HOMEPATH%\Favorites\БґЅУ\ј¤ЗйРЎУОП·.url
- %HOMEPATH%\Favorites\БґЅУ\ЖЩХЗ№ЙЖ±.url
- %HOMEPATH%\Favorites\БґЅУ\ГАГјј«Ж·Нј.url
- %HOMEPATH%\Favorites\БґЅУ\ёЯЗеУ°Фє.url
- %HOMEPATH%\Favorites\БґЅУ\єГНжРЎУОП·.url
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\qwxyx[1]
- %PROGRAM_FILES%\windsupdate\369safe.exe
- %TEMP%\god.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\download[1].php
- %WINDIR%1\t58chat_374931.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\t58chat_374931[1].exe
- %WINDIR%1\FunshionInstall_C60423.exe
- %HOMEPATH%\Favorites\ГАЕ®НјЖ¬.url
- %HOMEPATH%\Favorites\іЙИЛРЎУОП·.url
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\index[1].htm
- %HOMEPATH%\Favorites\МФ±¦МШВф.url
- %HOMEPATH%\Favorites\РФјјЗЙ.url
- %HOMEPATH%\Favorites\Й«Й«РЎУОП·.url
- %HOMEPATH%\Favorites\№ЙЖ±єЪВнРРЗй.url
- %HOMEPATH%\Favorites\БґЅУ\БЅРФЦЄК¶.url
- %HOMEPATH%\Favorites\БґЅУ\СФЗйРЎЛµ.url
- %HOMEPATH%\Favorites\БґЅУ\іЙИЛУОП·.url
- %HOMEPATH%\Favorites\БґЅУ\РФЦЄК¶КУЖµ.url
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\index[1].htm
- %HOMEPATH%\Favorites\БґЅУ\ГАЕ®КУЖµ.url
- %HOMEPATH%\Favorites\БґЅУ\ДРРФЅЎїµ.url
- '22#.#17.240.30':80
- 'localhost':1047
- 'www.19##9.info':80
- 'h1.##831.info':80
- 'tu###.01lm.com':80
- 'www.ba###50.info':80
- 'www.mm##5.info':80
- 'so#####e.lingxiu98.com':80
- 'www.vo##y.info':80
- 'localhost':1037
- 'ne#####.funshion.com':80
- 'localhost':1034
- 'www.qw##x.com':80
- 'www.zq##.info':80
- 'localhost':1042
- 'localhost':1039
- 'do####ad13.subo.me':80
- so#####e.lingxiu98.com/partner/install15.exe
- www.mm##5.info/dy2.html?z
- 22#.#17.240.30/soft/coopen4397.exe
- tu###.01lm.com/yylm/kk18_2176.exe
- www.ba###50.info/?y
- h1.##831.info/dy/360.exe
- h1.##831.info/dy/baidu.exe
- do####ad13.subo.me/9158/9158chat_371184.exe
- do####ad13.subo.me/t58/t58chat_374931.exe
- ne#####.funshion.com/software/download.php?id############################
- www.qw##x.com/?i
- www.zq##.info/
- h1.##831.info/dy/dydy.exe
- www.19##9.info/index.htm
- www.vo##y.info/index.htm
- DNS ASK www.mm##5.info
- DNS ASK h1.##831.info
- DNS ASK so#####e.lingxiu98.com
- DNS ASK www.ba###50.info
- DNS ASK tu###.01lm.com
- DNS ASK www.19##9.info
- DNS ASK ne#####.funshion.com
- DNS ASK www.qw##x.com
- DNS ASK do####ad13.subo.me
- DNS ASK www.vo##y.info
- DNS ASK www.zq##.info
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''