Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysray' = '"%CommonProgramFiles%\msnmsgr.exe"'
- User Account Control (UAC) — disabled by setting the EnableLUA policy value to 0 (see the reg.exe ADD command listed below)
- %CommonProgramFiles%\msnmsgr.exe
- %WINDIR%\regedit.exe /s %CommonProgramFiles%\c.reg
- <SYSTEM32>\cmd.exe /c <Current directory>\a.bat
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- <Current directory>\a.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\msn[1].htm
- %CommonProgramFiles%\c.reg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\setip[1].htm
- %WINDIR%\verdata.log
- <SYSTEM32>\ur.dll
- %CommonProgramFiles%\ur.dll
- %CommonProgramFiles%\msnmsgr.exe
- 'www.da###ngu.com':80
- 'www.ms#.com':80
- www.da###ngu.com/wwwa/new/setip.asp
- www.ms#.com/
- DNS ASK www.da###ngu.com
- DNS ASK www.ms#.com
- ClassName: 'GxWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'D3D' WindowName: 'texbaiduQQ'
- ClassName: 'D3D' WindowName: 'texQQ'