Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] 'Flags' = '00000043'
- <Current directory>\config.xml.tmp
- <Current directory>\config.xml
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\toobvb8t\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\7ta9g5y8\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\pqa7n5e9\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\p762nlvj\desktop.ini
- %APPDATA%\microsoft\windows\cookies\low\index.dat
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\index.dat
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://lo###host:8080/proxy.pac via localhost
- http://ka#####esniffer.osdn.jp/version
- http://lo###host:8080/proxy1.pac via localhost
- http://lo###host:8080/proxy2.pac via localhost
- http://lo###host:8080/proxy3.pac via localhost
- http://lo###host:8080/proxy4.pac via localhost
- http://lo###host:8080/proxy5.pac via localhost
- http://lo###host:8080/proxy6.pac via localhost
- DNS ASK ka#####esniffer.osdn.jp
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\WinInet.dll",DispatchAPICall 1