Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7 Activate' = '%WINDIR%\activate.exe'
- %TEMP%\mrt1.tmp\Registry2.mfx
- %TEMP%\mrt1.tmp\kclist.mfx
- %TEMP%\mrt1.tmp\Download.mfx
- <Current directory>\data6.set
- %WINDIR%\activate.exe
- %TEMP%\mrt1.tmp\kcfile.mfx
- %TEMP%\mrt1.tmp\ctrlx.mfx
- %TEMP%\mrt1.tmp\KcActiveX.mfx
- %TEMP%\mrt1.tmp\mmfs2.dll
- %TEMP%\mrt1.tmp\stdrt.exe
- %TEMP%\mrt1.tmp\KcBoxB.mfx
- %TEMP%\mrt1.tmp\kcwctrl.mfx
- %TEMP%\mrt1.tmp\kcmouse.mfx
- %TEMP%\mrt1.tmp\Download.mfx
- %TEMP%\mrt1.tmp\ctrlx.mfx
- %TEMP%\mrt1.tmp\KcBoxB.mfx
- %TEMP%\mrt1.tmp\kcfile.mfx
- %TEMP%\mrt1.tmp\Registry2.mfx
- %TEMP%\mrt1.tmp\kclist.mfx
- %TEMP%\mrt1.tmp\mmfs2.dll
- %TEMP%\mrt1.tmp\stdrt.exe
- <Current directory>\data6.set
- %TEMP%\mrt1.tmp\kcwctrl.mfx
- %TEMP%\mrt1.tmp\kcmouse.mfx
- %TEMP%\mrt1.tmp\KcActiveX.mfx
- 'www.tu###music.com':80
- 'localhost':1036
- 'www.tu###kid.com':80
- www.tu###music.com/playlists.htm
- www.tu###kid.com/data6.set
- DNS ASK www.tu###music.com
- DNS ASK www.tu###kid.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''