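Technical Information
Note: this copy of the report has no section headings. Judging by the entries themselves, the lists below contain, in order: process launches and command lines (quoted paths), file-system paths (several are repeated, presumably under different headings that were lost), host:port pairs, HTTP request URLs, DNS queries ("DNS ASK"), and window class names. Host names containing '#' appear to be partially masked, so they cannot be used verbatim as network indicators.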
- '<SYSTEM32>\iex.exe'
- '%TEMP%\Temp\sv.exe'
- '<SYSTEM32>\svch0st.exe'
- '<SYSTEM32>\TXPlatform.exe'
- '%TEMP%\Temp\ie.exe'
- 'C:\config\dr\update.exe'
- 'C:\config\dr\iex.exe'
- '%TEMP%\Temp\TXPlatform.exe'
- '%TEMP%\Temp\1.exe'
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\4.vbs"
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\2.bat" /start"
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\2.vbs"
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3
- '<SYSTEM32>\sc.exe' config winmgmt start= demand
- '<SYSTEM32>\sc.exe' start winmgmt
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\4.bat" /start"
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\MSWINSCK.OCX"
- '<SYSTEM32>\wscript.exe' "c:\config\dr\sc.vbs"
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\1.vbs"
- '<SYSTEM32>\wscript.exe' "C:\config\dr\$wdd.vbs"
- '<SYSTEM32>\cmd.exe' /c ""C:\config\dr\$wdd.bat" /start"
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\3.vbs"
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\3.bat" /start"
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\1.bat" /start"
- '<SYSTEM32>\ping.exe' www.ba##u.com
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\login0[1].htm
- <SYSTEM32>\svch0st.exe
- <SYSTEM32>\DesClick.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\w.web7b[1]
- %TEMP%\~DFA173tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\server[1].txt
- <SYSTEM32>\NetBarIE.exe
- <SYSTEM32>\TXPlatform.exe
- <SYSTEM32>\iex.exe
- <SYSTEM32>\MSWINSCK.OCX
- %TEMP%\~DF08A3.TMP
- %TEMP%\~DF0A8B.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\list[1].ini
- %TEMP%\~DF0B8C.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\w.web7b[2]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ip.woai310[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\ip.woai310[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\server[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\w.web7b[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\server[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\TXPlatform[1].ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\server[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\w.web7b[1]
- <SYSTEM32>\web7b.ini
- <SYSTEM32>\conffig.ini
- <SYSTEM32>\1.vbs
- <SYSTEM32>\1.bat
- %TEMP%\Temp\TXPlatform.exe
- %TEMP%\Temp\1.exe
- <SYSTEM32>\iex.txt
- C:\config\dr\iex.exe
- C:\config\dr\$wdd.vbs
- C:\config\dr\$wdd.bat
- C:\config\dr\1.mp3
- C:\config\dr\update.exe
- C:\config\dr\sc.vbs
- <SYSTEM32>\ie.txt
- <SYSTEM32>\2.vbs
- <SYSTEM32>\2.bat
- <SYSTEM32>\s.txt
- <SYSTEM32>\4.vbs
- <SYSTEM32>\4.bat
- <SYSTEM32>\3.bat
- %TEMP%\Temp\sv.exe
- %TEMP%\Temp\ie.exe
- C:\1.txt
- <SYSTEM32>\t.txt
- <SYSTEM32>\3.vbs
- C:\config\dr\update.exe
- <SYSTEM32>\conffig.ini
- <SYSTEM32>\web7b.ini
- C:\config\dr\sc.vbs
- C:\config\dr\$wdd.bat
- C:\config\dr\$wdd.vbs
- C:\config\dr\iex.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\server[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\server[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\server[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\w.web7b[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\ip.woai310[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\w.web7b[1]
- C:\config\dr\sc.vbs
- C:\config\dr\$wdd.vbs
- C:\config\dr\$wdd.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\w.web7b[1]
- %TEMP%\~DFA173tmp
- C:\config\dr\iex.exe
- 'up####.guokui.net':80
- 'up.##ngzhua.net':80
- 'ip.##ai310.com':80
- 'op#####fig.woai310.com':80
- 'www.we##b.cn':80
- 'localhost':1036
- 'w.##b7b.cn':80
- 'up####.woai310.com':80
- op#####fig.woai310.com/txwm/TXPlatform.ini
- up####.guokui.net/count/server.txt
- ip.##ai310.com/
- up####.woai310.com/count/list.ini
- up####.woai310.com/count/server.txt
- www.we##b.cn/banben.asp?ba########
- up.##ngzhua.net/count/server.txt
- w.##b7b.cn/
- DNS ASK up####.guokui.net
- DNS ASK up.##ngzhua.net
- DNS ASK ip.##ai310.com
- DNS ASK op#####fig.woai310.com
- DNS ASK www.we##b.cn
- DNS ASK www.ba##u.com
- DNS ASK w.##b7b.cn
- DNS ASK up####.woai310.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Progman' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'