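Technical Information
Note: the sub-headings of this sandbox report appear to have been lost in extraction, so the entries below run together. Read in order, they are: command lines of processes that were started; registry keys and values; file-system paths; 'from … to …' file moves or renames; network endpoints, HTTP request URLs and DNS queries; and window class/title pairs (presumably windows the sample looked up). The original report presumably separated the file paths into created, hidden and deleted files. That distinction cannot be recovered here, which would explain why some paths repeat.
Host names appear to be partially masked with '#', so they cannot be used as exact-match indicators as written.
Non-ASCII path components are mojibake. They look like GBK (Simplified Chinese) bytes displayed as Windows-1251; read that way, the 'їмЅЭАё' directory would be 快捷栏 and the 'КАЅзЦ®ґ°' shortcut would be 世界之窗. On a host with a different code page the names will not look like the strings printed here, so match on the ASCII parts of a path (for example \green\, \WinSafe\, kk.ill, ins.jse).
Misspellings such as 'Internat Exlporer.lnk' are reproduced as reported and should be searched for verbatim.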
- '%TEMP%\nsy3.tmp\ns4.tmp' "<SYSTEM32>\cscript.exe" "%PROGRAM_FILES%\WinSafe\kk.ill"
- '%PROGRAM_FILES%\green\greensetup.exe'
- '%PROGRAM_FILES%\їмЅЭАё\KDocks.exe'
- '%ALLUSERSPROFILE%\Templates\installstat.exe'
- '%PROGRAM_FILES%\green\TheWorld_3.2.0.5.exe' /VERYSILENT -sp
- '%PROGRAM_FILES%\green\4399webgame.exe'
- '%PROGRAM_FILES%\green\setup_30025.exe'
- '%PROGRAM_FILES%\green\sogou_pinyin_mini_5078.exe'
- '<SYSTEM32>\wscript.exe' "%ALLUSERSPROFILE%\Templates\kk.ill"
- '<SYSTEM32>\cscript.exe' "%PROGRAM_FILES%\WinSafe\kk.ill"
- '<SYSTEM32>\wscript.exe' "%PROGRAM_FILES%\green\ins.jse"
- [<HKCU>\Software\FlashFXP]
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoInternetIcon' = '00000001'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\t[1]
- %PROGRAM_FILES%\їмЅЭАё\KDocks.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\g[1]
- %ALLUSERSPROFILE%\Templates\installstat.exe
- %PROGRAM_FILES%\їмЅЭАё\icons\јЖЛгЖч.png
- %PROGRAM_FILES%\їмЅЭАё\icons\јЗКВ±ѕ.png
- %PROGRAM_FILES%\їмЅЭАё\icons\IE1.png
- %PROGRAM_FILES%\їмЅЭАё\icons\IE2.png
- %PROGRAM_FILES%\WinSafe\33.dat
- %ALLUSERSPROFILE%\Templates\kk.ill
- %PROGRAM_FILES%\Microsoft\pack.dat
- %PROGRAM_FILES%\WinSafe\win.dat
- %TEMP%\version.ini
- %TEMP%\nsy3.tmp\ns4.tmp
- %PROGRAM_FILES%\WinSafe\kk.ill
- %TEMP%\nsy3.tmp\nsExec.dll
- %PROGRAM_FILES%\їмЅЭАё\icons\їШЦЖГж°е.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\Word.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\і¬ј¶НГЧУ.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\RealOne.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\Winamp.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\УЕ»ЇґуК¦.png
- %PROGRAM_FILES%\їмЅЭАё\kkjDock.cfg
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\їб№·.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\З§З§ѕІМэ.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\ACDSee.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\CS.png
- %PROGRAM_FILES%\їмЅЭАё\icons\ОТµДµзДФ.png
- %PROGRAM_FILES%\їмЅЭАё\icons\ОТµДОДµµ.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\PS.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\QQ.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\FXP.png
- %PROGRAM_FILES%\їмЅЭАё\icons\soft\MSN.png
- %PROGRAM_FILES%\green\is-54GM2.tmp
- %TEMP%\is-N895H.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-N895H.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\green\is-LPORF.tmp
- %PROGRAM_FILES%\green\is-UFC2O.tmp
- %PROGRAM_FILES%\green\is-K8LR1.tmp
- %PROGRAM_FILES%\green\is-6ALF2.tmp
- %PROGRAM_FILES%\green\TheWorld_3.2.0.5-0.bin
- %PROGRAM_FILES%\green\TheWorld_3.2.0.5-1.bin
- %PROGRAM_FILES%\green\greensetup.exe
- %PROGRAM_FILES%\green\TheWorld_3.2.0.5.exe
- %PROGRAM_FILES%\green\4399webgame.exe
- %PROGRAM_FILES%\green\sogou_pinyin_mini_5078.exe
- %PROGRAM_FILES%\green\ins.jse
- %PROGRAM_FILES%\green\setup_30025.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\web.icw
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internat Exlporer.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.txt
- %HOMEPATH%\My Documents\backup\Windows Media Player.lnk
- %PROGRAM_FILES%\green\unins000.dat
- %PROGRAM_FILES%\Microsoft\in
- %PROGRAM_FILES%\Microsoft\t
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.txt
- %PROGRAM_FILES%\Microsoft\y.dat
- %TEMP%\nsy3.tmp\System.dll
- %HOMEPATH%\Desktop\Internat Exlporer.lnk
- %ALLUSERSPROFILE%\Desktop\КАЅзЦ®ґ°.lnk
- %HOMEPATH%\My Documents\backup\Show Desktop.scf
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\КАЅзЦ®ґ°.lnk
- %HOMEPATH%\My Documents\backup\desktop.ini
- %HOMEPATH%\My Documents\backup\Launch Internet Explorer Browser.lnk
- %TEMP%\nsy3.tmp\ns4.tmp
- %HOMEPATH%\My Documents\backup\Windows Media Player.txt
- %HOMEPATH%\My Documents\backup\Show Desktop.scf
- %TEMP%\nsy3.tmp\System.dll
- %TEMP%\nsy3.tmp\nsExec.dll
- %ALLUSERSPROFILE%\Templates\installstat.exe
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\КАЅзЦ®ґ°.lnk
- %TEMP%\is-N895H.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-N895H.tmp\_isetup\_RegDLL.tmp
- %HOMEPATH%\My Documents\backup\Launch Internet Explorer Browser.txt
- %PROGRAM_FILES%\green\ins.jse
- %HOMEPATH%\My Documents\backup\desktop.ini
- from %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.txt to %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
- from %HOMEPATH%\My Documents\backup\Windows Media Player.lnk to %HOMEPATH%\My Documents\backup\Windows Media Player.txt
- from %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.txt to %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
- from %PROGRAM_FILES%\WinSafe\33.dat to %PROGRAM_FILES%\WinSafe\33.bat
- from %PROGRAM_FILES%\WinSafe\win.dat to %PROGRAM_FILES%\WinSafe\win.ill
- from %HOMEPATH%\My Documents\backup\Launch Internet Explorer Browser.lnk to %HOMEPATH%\My Documents\backup\Launch Internet Explorer Browser.txt
- from %PROGRAM_FILES%\green\is-K8LR1.tmp to %PROGRAM_FILES%\green\green.ico
- from %PROGRAM_FILES%\green\is-54GM2.tmp to %PROGRAM_FILES%\green\unins000.exe
- from %PROGRAM_FILES%\green\is-6ALF2.tmp to %PROGRAM_FILES%\green\TheWorld.ini
- from %PROGRAM_FILES%\green\is-UFC2O.tmp to %PROGRAM_FILES%\green\xmp.exe
- from %PROGRAM_FILES%\green\is-LPORF.tmp to %PROGRAM_FILES%\green\TheWorld.exe
- 'localhost':1040
- 'www.ad##ma.cn':80
- 'localhost':1043
- 'localhost':1035
- 'localhost':1038
- 'www.so##u.com':80
- www.ad##ma.cn/t/?az
- www.ad##ma.cn/g/?al#
- www.so##u.com/pinyin/version.php?h=#######################################
- DNS ASK do####ad.mu51.com
- DNS ASK www.hu###ang.com
- DNS ASK www.so##u.com
- DNS ASK www.ad##ma.cn
- ClassName: '' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''