Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe] 'Debugger' = '<SYSTEM32>\netdde32.exe' (an Image File Execution Options 'Debugger' value makes Windows launch the named file in place of Explorer.exe, so the sample is started on every shell launch; this is the persistence point to remove first, and the same binary is later run with '/install 8d007' below)
- [<HKLM>\SYSTEM\ControlSet001\Services\ssst] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\acpidisk] 'Start' = '00000002' (Start = 2 is SERVICE_AUTO_START, so both services are loaded automatically at boot; the acpidisk driver file itself is listed below as <DRIVERS>\acpidisk.sys and %TEMP%\acpidisk.sys)
- '%WINDIR%\winwl.exe'
- '%WINDIR%\system\hwm713.exe'
- '%WINDIR%\netdde32.exe'
- '%WINDIR%\system\hwl713.exe'
- '<SYSTEM32>\netdde32.exe' /install 8d007
- '%WINDIR%\kulionrx.exe'
- '%WINDIR%\winow.exe'
- '%WINDIR%\kulionzx.exe'
- '%TEMP%\tempaq' 70080
- '%WINDIR%\system\hwow713.exe'
- '%WINDIR%\winwm.exe'
- '%WINDIR%\system\hzx713.exe'
- '%WINDIR%\system\dodolook326.exe'
- '%WINDIR%\system\my_70080.exe'
- '%WINDIR%\system\8d007.exe'
- '%WINDIR%\system\SkypeClient.exe'
- '%WINDIR%\system\ad_2216.exe'
- '%WINDIR%\system\boolan61.exe'
- '%WINDIR%\system\hrx713.exe'
- '%WINDIR%\wmsj.exe'
- '<SYSTEM32>\d03.exe'
- '%TEMP%\AIS_2216_0.EXE'
- '%WINDIR%\system\hgj713.exe'
- '%TEMP%\1097.exe' 7326
- '%TEMP%\tempaq' (downloaded from the Internet)
- '<SYSTEM32>\rundll32.exe'
- '<SYSTEM32>\regsvr32.exe' /s "%CommonProgramFiles%\CPUSH\cpush.dll"
- %WINDIR%\Explorer.EXE
- ClassName: 'AVP.Product_Notification' WindowName: '(null)'
- ClassName: 'AVP.AlertDialog' WindowName: '(null)'
- %WINDIR%\netdde32.exe
- <DRIVERS>\acpidisk.sys
- %TEMP%\acpidisk.sys
- %WINDIR%\kulionwm.dll
- %CommonProgramFiles%\CPUSH\Uninst.exe
- %TEMP%\nsgA.tmp
- %WINDIR%\winwm.exe
- %WINDIR%\winwl.exe
- %WINDIR%\kulionwl.dll
- %PROGRAM_FILES%\nnno\tttu.dll
- %TEMP%\nsx8.tmp\System.dll
- %TEMP%\DoSSSetup.dll
- %PROGRAM_FILES%\nnno\qqqrlex.ini
- %PROGRAM_FILES%\nnno\ddde.lex
- <SYSTEM32>\winlib .dll
- <SYSTEM32>\mprmsgse.axz
- %WINDIR%\kulionzx.exe
- %WINDIR%\kulionzx.dll
- %PROGRAM_FILES%\nnno\rrrs.ini
- %TEMP%\tempaq
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mminstall[1]
- %WINDIR%\3.tmp
- %WINDIR%\winow.dll
- %CommonProgramFiles%\CPUSH\cpush.dll
- %WINDIR%\winow.exe
- %APPDATA%\Cuckoo\windows2.log
- %WINDIR%\KB998017.log
- %APPDATA%\Cuckoo\Host.dat
- %WINDIR%\system\hwm713.exe
- %WINDIR%\system\hwl713.exe
- %WINDIR%\system\hrx713.exe
- %WINDIR%\system\hwow713.exe
- <SYSTEM32>\67-105-7163
- %TEMP%\nsm2.tmp
- %WINDIR%\system\hzx713.exe
- %WINDIR%\system\dodolook326.exe
- %WINDIR%\system\boolan61.exe
- %WINDIR%\system\ad_2216.exe
- %WINDIR%\system\my_70080.exe
- %WINDIR%\system\hgj713.exe
- %WINDIR%\system\8d007.exe
- %WINDIR%\system\SkypeClient.exe
- %TEMP%\Insshell.exe
- %PROGRAM_FILES%\nnno\aaab.dll
- <SYSTEM32>\d03.exe
- <SYSTEM32>\netdde32.exe
- %WINDIR%\kulionrx.dll
- %PROGRAM_FILES%\nnno\fffg.dll
- %PROGRAM_FILES%\nnno\cccd.dll
- %WINDIR%\kulionrx.exe
- %PROGRAM_FILES%\nnno\mmmn.ini
- %TEMP%\1097.exe
- %TEMP%\nsd5.tmp\System.dll
- %WINDIR%\video.dll
- %PROGRAM_FILES%\nnno\iiij.ini
- %PROGRAM_FILES%\nnno\xxxy.dll
- %WINDIR%\wmsj.exe
- %WINDIR%\system\hzx713.exe
- %WINDIR%\system\hwow713.exe
- %WINDIR%\system\hwm713.exe
- <SYSTEM32>\netdde32.exe
- %TEMP%\AIS_2216_0.EXE
- %WINDIR%\KB998017.log
- %WINDIR%\netdde32.exe
- %WINDIR%\system\hwl713.exe
- %WINDIR%\system\my_70080.exe
- %WINDIR%\system\dodolook326.exe
- %WINDIR%\system\ad_2216.exe
- %WINDIR%\system\SkypeClient.exe
- %WINDIR%\system\hrx713.exe
- %WINDIR%\system\hgj713.exe
- %WINDIR%\system\8d007.exe
- %TEMP%\acpidisk.sys
- %TEMP%\DoSSSetup.dll
- %WINDIR%\kulionzx.dll
- %TEMP%\1097.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mminstall[1]
- C:\~deC.tmp
- %TEMP%\nsd5.tmp\System.dll
- %WINDIR%\3.tmp
- %WINDIR%\kulionwl.dll
- <SYSTEM32>\winlib .dll
- %WINDIR%\video.dll
- %WINDIR%\kulionrx.dll
- %APPDATA%\Cuckoo\Host.dat
- %WINDIR%\winow.dll
- %TEMP%\nsx8.tmp\System.dll
- %WINDIR%\kulionwm.dll
- from %TEMP%\AIS_2216_0.EXE to C:\~deC.tmp
- from %TEMP%\Insshell.exe to %TEMP%\AIS_2216_0.EXE
- 'in#####3.ring520.org':80
- '88#.#43call.cn':80
- 'localhost':1039
- in#####3.ring520.org/kkkk/mminstall.exe?qu###########
- 88#.#43call.cn/pw.ini
- DNS ASK up.#izmd.cn
- DNS ASK www.bo####der.com.cn
- DNS ASK www.bo###nder.cn
- DNS ASK gs.###system.com
- DNS ASK up####.borlander.cn
- DNS ASK 88#.#43call.cn
- DNS ASK in#####3.ring520.org
- ClassName: '###McAlertWindow###' WindowName: '(null)'
- ClassName: '#32770' WindowName: '???????? - ????????????????'
- ClassName: '#32770' WindowName: 'IE????'
- ClassName: '#32770' WindowName: '??????????????????'
- ClassName: '#32770' WindowName: 'VirusScan ??????????????'
- ClassName: '#32770' WindowName: 'McAfee Personal Firewall Plus ????'
- ClassName: '_std_ad_wnd_' WindowName: '_std_ad_wnd_'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: '#32770' WindowName: '??????????'
- ClassName: 'Afx:400000:0' WindowName: '(null)'
- ClassName: '_stdup_cha_wnd_' WindowName: '_stdup_cha_wnd_'