Technical Information
- '%TEMP%\FunshionInstall_C60679.exe' /S
- 'C:\gg.exe'
- '%TEMP%\FunshionInstall_C60679.exe' (downloaded from the Internet)
- '<SYSTEM32>\wscript.exe' "%TEMP%\AV_PLAY.vbs"
- %TEMP%\FunshionInstall_C60679.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\download[1].php
- %HOMEPATH%\Desktop\百度搜索.lnk
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\baidu[1].ico
- <SYSTEM32>\taobao.ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\taobao[1].ico
- <SYSTEM32>\baidu.ico
- <SYSTEM32>\mm1.vbs
- %TEMP%\AV_PLAY.vbs
- C:\gg.exe
- %HOMEPATH%\Desktop\裸聊大厅.lnk
- <SYSTEM32>\mm2.vbs
- %HOMEPATH%\Desktop\淘宝网.lnk
- <SYSTEM32>\mm.vbs
- %TEMP%\AV_PLAY.vbs
- 'www.99#8.in':80
- 'pa#####.funshion.com':80
- 'localhost':1037
- www.99#8.in/ico/taobao.ico
- www.99#8.in/ico/baidu.ico
- pa#####.funshion.com/partner/download.php?id######
- DNS ASK www.99#8.in
- DNS ASK pa#####.funshion.com