Technical Information
- '%APPDATA%\System\Dir\explorer.exe' (downloaded from the Internet)
- '%APPDATA%\System\Dir\svchost.exe' (downloaded from the Internet)
- '%APPDATA%\System\Install\dllhost.exe' (downloaded from the Internet)
- '%APPDATA%\System\Install\setup.exe' (downloaded from the Internet)
- '%APPDATA%\System\Dir\explorer.exe'
- '%APPDATA%\System\Dir\svchost.exe'
- '%APPDATA%\System\Install\dllhost.exe'
- '%APPDATA%\System\Install\setup.exe'
- %APPDATA%\System\Dir\svchost.exe
- %APPDATA%\System\Install\setup.exe
- %APPDATA%\System\Dir\explorer.exe
- %APPDATA%\System\Install\dllhost.exe
- %APPDATA%\System\Dir\svchost.exe
- %APPDATA%\System\Install\setup.exe
- %APPDATA%\System\Dir\explorer.exe
- %APPDATA%\System\Install\dllhost.exe
- 'li####reto.890m.com':80
- 'wp#d':80
- http://li####reto.890m.com/666/1.jpg
- http://li####reto.890m.com/666/1.mp3
- http://li####reto.890m.com/666/1.mp4
- http://11#.#11.111.1/wpad.dat via wp#d
- http://li####reto.890m.com/666/1.png
- DNS ASK li####reto.890m.com
- DNS ASK wp#d