Technical Information
- %TEMP%\svcsys.rar (downloaded from the Internet)
- %TEMP%\1.dll
- %TEMP%\fdsfs.tsd
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://cq##888.com
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://www.m2##.com
- %TEMP%\svcsys.rar
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\m2pk[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\cq15888[1]
- %TEMP%\fdsfs.tsd
- %TEMP%\1.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a.cq15888[1]
- 'localhost':1044
- 'www.m2##.com':80
- 'cq##888.com':80
- 'localhost':1043
- 'localhost':1037
- 'a.###5888.com':80
- 'w.###5888.com':80
- www.m2##.com/
- cq##888.com/
- a.###5888.com/
- w.###5888.com//AddSetup.asp?5<#############################################
- DNS ASK ya###.com.cn
- DNS ASK www.m2##.com
- DNS ASK cq##888.com
- DNS ASK a.###5888.com
- DNS ASK bi###e110.com
- DNS ASK w.###5888.com
- '<Private IP address>':1039
- '<Private IP address>':1040
- '<Private IP address>':1038
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''