Technical Information
- <Current directory>\sqlite30.dll
- <Current directory>\virusscan.dll
- <PATH_SAMPLE>.ini_bak
- <PATH_SAMPLE>.bak
- <Current directory>\hcrypt.dll
- <Current directory>\hssl.dll
- %TEMP%\del1016.tmp
- <PATH_SAMPLE>.ini
- <Current directory>\virusscan.dat
- <Current directory>\user.dat
- <Current directory>\system.dat
- <Current directory>\temp\1ffe.tmp
- <Current directory>\log.txt
- <Current directory>\vsdata.tmp
- <Current directory>\vsdata.tmp
- from <PATH_SAMPLE>.ini_bak to <PATH_SAMPLE>.ini
- <Full path to file>
- <PATH_SAMPLE>.ini_bak
- 'up####.10jqka.com.cn':80
- http://up####.10jqka.com.cn/virus_code/20070606.dat
- http://up####.10jqka.com.cn/?p=#####################################
- DNS ASK up####.10jqka.com.cn
- DNS ASK ua###.10jqka.com.cn
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%TEMP%\del1016.tmp' 304|<Full path to file>|<PATH_SAMPLE>.bak|
- '<Full path to file>'