Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'COM S' = '%WINDIR%\Terms.EXE.exe'
- '' (downloaded from the Internet)
- C:\test.exe
- %WINDIR%\Terms.EXE.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\NetSyst96[1].exe
- <Full path to file>
- 'localhost':1037
- '12#.#32.11.106':80
- 'localhost':1039
- '47.#3.59.6':31975
- 'us###.qzone.qq.com':80
- http://12#.#32.11.106/NetSyst96.exe
- http://us###.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui###########
- DNS ASK us###.qzone.qq.com
- 'C:\test.exe'
- '%WINDIR%\Terms.EXE.exe'