Technical Information
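- Process executed: '<SYSTEM32>\regsvr32.exe' atl.dll /s (the /s switch makes regsvr32 register the DLL silently, with no dialog boxes)
- Handler for all processes (i.e. applied system-wide rather than to a single process): <Current directory>\cfgdll.dll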
- %WINDIR%\inf\bt1a.bmp
- %WINDIR%\inf\zy.bmp
- %WINDIR%\inf\zengyuan.bmp
- %WINDIR%\inf\bt1b.bmp
- %WINDIR%\inf\bt3a.bmp
- %WINDIR%\inf\bt2b.bmp
- %WINDIR%\inf\bt2a.bmp
- %WINDIR%\inf\yuancheng.bmp
- %WINDIR%\inf\yk6.bmp
- %WINDIR%\inf\yk2.bmp
- %WINDIR%\inf\yxzrjdt.bmp
- %WINDIR%\inf\zdjb.bmp
- %WINDIR%\inf\zbymr2.bmp
- %WINDIR%\inf\zbymr.bmp
- %WINDIR%\inf\bt3b.bmp
- %WINDIR%\inf\ben7.bmp
- %WINDIR%\inf\ben6.bmp
- %WINDIR%\inf\ax6.bmp
- %WINDIR%\inf\ben8.bmp
- %WINDIR%\inf\blcb2.bmp
- %WINDIR%\inf\ben10.bmp
- %WINDIR%\inf\ben9.bmp
- %WINDIR%\inf\ax1.bmp
- %WINDIR%\inf\sjq1.bmp
- %WINDIR%\inf\sjq2.bmp
- %WINDIR%\inf\ax2.bmp
- %WINDIR%\inf\ax5.bmp
- %WINDIR%\inf\ax4.bmp
- %WINDIR%\inf\ax3.bmp
- %WINDIR%\inf\s11j1.bmp
- %WINDIR%\inf\s11.bmp
- %WINDIR%\inf\s10j2.bmp
- %WINDIR%\inf\s11j2.bmp
- %WINDIR%\inf\shou.bmp
- %WINDIR%\inf\sa.bmp
- %WINDIR%\inf\s11j3.bmp
- %WINDIR%\inf\s8.bmp
- %WINDIR%\inf\s.bmp
- %WINDIR%\inf\qiang.bmp
- %WINDIR%\inf\s8j1.bmp
- %WINDIR%\inf\s10j1.bmp
- %WINDIR%\inf\s10.bmp
- %WINDIR%\inf\s9.bmp
- %WINDIR%\inf\sidai.bmp
- %WINDIR%\inf\xljd.bmp
- %WINDIR%\inf\xlhm.bmp
- %WINDIR%\inf\xlgjs.bmp
- %WINDIR%\inf\xlymr.bmp
- %WINDIR%\inf\yk1.bmp
- %WINDIR%\inf\xx.bmp
- %WINDIR%\inf\xlyts.bmp
- %WINDIR%\inf\sk.bmp
- %WINDIR%\inf\sjq.bmp
- %WINDIR%\inf\sj.bmp
- %WINDIR%\inf\sl.bmp
- %WINDIR%\inf\xlgj.bmp
- %WINDIR%\inf\sui.bmp
- %WINDIR%\inf\sl2.bmp
- %WINDIR%\inf\blcb3.bmp
- %WINDIR%\inf\14.txt
- %WINDIR%\inf\13.txt
- %WINDIR%\inf\12.txt
- %WINDIR%\inf\15.txt
- %WINDIR%\inf\bzsl.txt
- %WINDIR%\inf\bl.txt
- %WINDIR%\inf\bd.txt
- %WINDIR%\inf\7.txt
- %WINDIR%\inf\6.txt
- %WINDIR%\inf\5.txt
- %WINDIR%\inf\8.txt
- %WINDIR%\inf\11.txt
- %WINDIR%\inf\10.txt
- %WINDIR%\inf\9.txt
- %WINDIR%\inf\bzsl2.txt
- %WINDIR%\inf\oem9.inf
- %WINDIR%\inf\nv1.txt
- %WINDIR%\inf\xbs.txt
- %WINDIR%\inf\oem19.inf
- C:\ProgramData\System\dm.dll
- %WINDIR%\inf\oem39.inf
- %WINDIR%\inf\oem29.inf
- %WINDIR%\inf\lv.txt
- %WINDIR%\inf\kz2.txt
- %WINDIR%\inf\kz1.txt
- %WINDIR%\inf\yz.txt
- %WINDIR%\inf\zy.txt
- %WINDIR%\inf\zdrl.txt
- %WINDIR%\inf\zbsj.txt
- %WINDIR%\inf\by8.bmp
- %WINDIR%\inf\by7.bmp
- %WINDIR%\inf\by6.bmp
- %WINDIR%\inf\fsu1.bmp
- %WINDIR%\inf\fsu4.bmp
- %WINDIR%\inf\fsu3.bmp
- %WINDIR%\inf\fsu2.bmp
- %WINDIR%\inf\blcb6.bmp
- %WINDIR%\inf\blcb5.bmp
- %WINDIR%\inf\blcb4.bmp
- %WINDIR%\inf\by2.bmp
- %WINDIR%\inf\by5.bmp
- %WINDIR%\inf\by4.bmp
- %WINDIR%\inf\by3.bmp
- %WINDIR%\inf\gjnh1.bmp
- %WINDIR%\inf\15.bmp
- %WINDIR%\inf\hf.bmp
- %WINDIR%\inf\mszy.bmp
- %WINDIR%\inf\1.txt
- %WINDIR%\inf\4.txt
- %WINDIR%\inf\3.txt
- %WINDIR%\inf\2.txt
- %WINDIR%\inf\x10.bmp
- %WINDIR%\inf\x9.bmp
- %WINDIR%\inf\gjnh2.bmp
- %WINDIR%\inf\ymrw1.bmp
- %WINDIR%\inf\fsu5.bmp
- %WINDIR%\inf\x8.bmp
- %WINDIR%\inf\ymrw2.bmp
- %WINDIR%\inf\5.bmp
- %WINDIR%\inf\4q1.bmp
- %WINDIR%\inf\4.bmp
- %WINDIR%\inf\5q1.bmp
- %WINDIR%\inf\7.bmp
- %WINDIR%\inf\6q1.bmp
- %WINDIR%\inf\6.bmp
- <Current directory>\radiobox_disabled_checked.ico
- <Current directory>\radiobox_unchecked.ico
- <Current directory>\radiobox_checked.ico
- <Current directory>\radiobox_disabled_unchecked.ico
- %WINDIR%\inf\3.bmp
- %WINDIR%\inf\2.bmp
- %WINDIR%\inf\1.bmp
- %WINDIR%\inf\7q1.bmp
- %WINDIR%\inf\11q2.bmp
- %WINDIR%\inf\11q.bmp
- %WINDIR%\inf\11.bmp
- %WINDIR%\inf\12.bmp
- %WINDIR%\inf\16.bmp
- %WINDIR%\inf\14.bmp
- %WINDIR%\inf\13.bmp
- %WINDIR%\inf\9.bmp
- %WINDIR%\inf\8q1.bmp
- %WINDIR%\inf\8.bmp
- %WINDIR%\inf\9q1.bmp
- %WINDIR%\inf\10q2.bmp
- %WINDIR%\inf\10q1.bmp
- %WINDIR%\inf\10.bmp
- <Current directory>\plugin\FILE.DLL
- <Current directory>\plugin\REGDLL.DLL
- <Current directory>\plugin\AJJL.DLL
- <Current directory>\plugin\PIC.DLL
- <Current directory>\cfgdll.dll
- %TEMP%\BackGround.bmp
- %TEMP%\mymacro.zip
- %TEMP%\mac2.tmp
- %TEMP%\mac1.tmp
- %TEMP%\mymacro_errinfo.exe
- %TEMP%\plugin.zip
- <Current directory>\plugin\WINDOW.DLL
- <Current directory>\plugin\MSG.DLL
- <Current directory>\plugin\GETSYSINFO.DLL
- <Current directory>\ShieldModule.dat
- <Current directory>\timer_icon.ico
- %APPDATA%\qmacro\shield\Shield.ini
- %APPDATA%\qmacro\shield\SD004.dat
- <Current directory>\checkbox_checked.ico
- <Current directory>\checkbox_disabled_unchecked.ico
- <Current directory>\checkbox_disabled_checked.ico
- <Current directory>\checkbox_unchecked.ico
- <Current directory>\<Virus name>.ini
- %TEMP%\25c3.tmp
- %APPDATA%\mymacro\qdisp.dll
- %APPDATA%\qmacro\shield\SD000.dat
- %APPDATA%\qmacro\shield\SD003.dat
- %APPDATA%\qmacro\shield\SD002.dat
- %APPDATA%\qmacro\shield\SD001.dat
- %WINDIR%\inf\17.bmp
- %WINDIR%\inf\j1.bmp
- %WINDIR%\inf\j.bmp
- %WINDIR%\inf\hy.bmp
- %WINDIR%\inf\j10.bmp
- %WINDIR%\inf\jk10.bmp
- %WINDIR%\inf\jgj.bmp
- %WINDIR%\inf\jb.bmp
- %WINDIR%\inf\hou.bmp
- %WINDIR%\inf\hm.bmp
- %WINDIR%\inf\haiyang.bmp
- %WINDIR%\inf\hsym.bmp
- %WINDIR%\inf\hx2.bmp
- %WINDIR%\inf\hx.bmp
- %WINDIR%\inf\hui.bmp
- %WINDIR%\inf\jk11.bmp
- %WINDIR%\inf\mei.bmp
- %WINDIR%\inf\m.bmp
- %WINDIR%\inf\luo.bmp
- %WINDIR%\inf\mei2.bmp
- %WINDIR%\inf\pingfen.bmp
- %WINDIR%\inf\n.bmp
- %WINDIR%\inf\moren.bmp
- %WINDIR%\inf\jszd.bmp
- %WINDIR%\inf\jrhm.bmp
- %WINDIR%\inf\jksd.bmp
- %WINDIR%\inf\ln1.bmp
- %WINDIR%\inf\ln4.bmp
- %WINDIR%\inf\ln3.bmp
- %WINDIR%\inf\ln2.bmp
- %WINDIR%\inf\chu.bmp
- %WINDIR%\inf\by.bmp
- %WINDIR%\inf\bxjl.bmp
- %WINDIR%\inf\csbsb1.bmp
- %WINDIR%\inf\dam.bmp
- %WINDIR%\inf\csbsb3.bmp
- %WINDIR%\inf\csbsb2.bmp
- %WINDIR%\inf\baiyun.bmp
- %WINDIR%\inf\akjgj.bmp
- %WINDIR%\inf\18.bmp
- %WINDIR%\inf\bl.bmp
- %WINDIR%\inf\buyao.bmp
- %WINDIR%\inf\buxian.bmp
- %WINDIR%\inf\bs.bmp
- %WINDIR%\inf\deng.bmp
- %WINDIR%\inf\g2.bmp
- %WINDIR%\inf\g1.bmp
- %WINDIR%\inf\fsgc.bmp
- %WINDIR%\inf\gb.bmp
- %WINDIR%\inf\gr.bmp
- %WINDIR%\inf\gong2.bmp
- %WINDIR%\inf\gong.bmp
- %WINDIR%\inf\fen.bmp
- %WINDIR%\inf\dou.bmp
- %WINDIR%\inf\dhk.bmp
- %WINDIR%\inf\fq.bmp
- %WINDIR%\inf\fs8.bmp
- %WINDIR%\inf\fs7.bmp
- %WINDIR%\inf\fs6.bmp
- <Current directory>\radiobox_checked.ico
- <Current directory>\checkbox_disabled_unchecked.ico
- <Current directory>\checkbox_disabled_checked.ico
- <Current directory>\radiobox_disabled_unchecked.ico
- <Current directory>\radiobox_disabled_checked.ico
- <Current directory>\radiobox_unchecked.ico
- <Current directory>\ShieldModule.dat
- %TEMP%\mymacro.zip
- %TEMP%\plugin.zip
- <Current directory>\checkbox_unchecked.ico
- <Current directory>\checkbox_checked.ico
- <Current directory>\timer_icon.ico
- File moved/renamed: from %TEMP%\BackGround.bmp to %TEMP%\b28background.bmp
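- Network connection (host:port; the '#' characters are masking applied in the report): 'c.###huoa.com':80
- URL requested: c.###huoa.com/c2/MymacroidSalesUrl.aspx?my#######################
- URL requested: c.###huoa.com/banner/Q09427.htm
- DNS query: c.###huoa.com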
- Window reference: ClassName: 'Shell_TrayWnd' (the window class of the Windows taskbar), WindowName: '' (empty)