Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{ACADABAF-1000-0010-8000-10AA006D2EA4}' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '<SYSTEM32>\ipconfig.exe' /all
- '%WINDIR%\sleep.exe' 1000
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\delete_downloader.bat
- '<SYSTEM32>\attrib.exe' -h -s -r -a <SYSTEM32>\delete_downloader.bat
- %WINDIR%\Explorer.EXE
- 360tray.exe
- <DRIVERS>\temp_package.tmp
- <SYSTEM32>\delete_downloader.bat
- <SYSTEM32>\system.dat
- 'o1#.cn':80
- 'o1.#1wy.com':80
- 'localhost':1037
- http://o1.#1wy.com/miss/logo3.gif
- http://o1#.cn/Counter/NewCounter.asp?Pa##################################################################################
- http://o1.#1wy.com/miss/logo.gif
- http://o1.#1wy.com/miss/logo2.gif
- DNS ASK o1#.cn
- DNS ASK o1.#1wy.com