Technical Information
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %APPDATA%\microsoft\windows\templates\qq.exe
- %TEMP%\p7_kuujswsa_ihlmjlozbamewvnmfi8tmvsjyqj4.exe
- %TEMP%\$inst\temp_0.tmp
- http://ca###.yyupload.com/down/537255/soft/tools/p7_kuujswsa_ihlMjlOZbaMEwvNmfi8TMvSJyQJ4.exe
- http://15#.#####.directlink.tv002.com/down/537255/soft/tools/p7_kuujswsa_ihlMjlOZbaMEwvNmfi8TMvSJyQJ4.exe?t=###########################################################
- DNS ASK do##.7654.com
- DNS ASK ca###.yyupload.com
- DNS ASK 15#.#####.directlink.tv002.com
- '%APPDATA%\microsoft\windows\templates\qq.exe' http://do##.7654.com/downloads/special/uc/Browser_V4.0.4368.0_f_4589_(Build150306)_CP50540.exe
- '%APPDATA%\microsoft\windows\templates\qq.exe' http://ca###.yyupload.com/down/537255/soft/tools/p7_kuujswsa_ihlMjlOZbaMEwvNmfi8TMvSJyQJ4.exe
- '%APPDATA%\microsoft\windows\templates\qq.exe' http://do##.7654.com/downloads/special/uc/Browser_V4.0.4368.0_f_4589_(Build150306)_CP50540.exe' (with hidden window)
- '%APPDATA%\microsoft\windows\templates\qq.exe' http://ca###.yyupload.com/down/537255/soft/tools/p7_kuujswsa_ihlMjlOZbaMEwvNmfi8TMvSJyQJ4.exe' (with hidden window)