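Technical Information
Note: the report's section headings appear to be missing, so the entries below run together. In order they are process command lines, file paths, host:port pairs, URLs, DNS queries and window class names. `<LS_APPDATA>`, `<SYSTEM32>` and `%PROGRAM_FILES%` are path placeholders. The `#` characters in host names, addresses and URLs look like masking applied by the report, so these network indicators are partial and cannot be matched literally. In the `Nex.exe` command lines the target path, a numeric token and the source URL are printed with no separator between them.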
- '<LS_APPDATA>\CBSI2354.exe'
- '<LS_APPDATA>\9ex.exe' <LS_APPDATA>\DMMenu.29079.exe1989011http://do##.#pachat.com/meng/up/DMMenu.29079.exe
- '<LS_APPDATA>\fgcn_102099.exe'
- '<LS_APPDATA>\8ex.exe' <LS_APPDATA>\CBSI2354.exe1989011http://61.##4.183.251/ctrlserver/david/CBSI2354.exe
- '<LS_APPDATA>\livedt_brqds_3.5.0_500dx.exe'
- '<LS_APPDATA>\7ex.exe' <LS_APPDATA>\DuomiMusic_V304.exe1989011http://do##.duomi.com/DuomiMusic_V304.exe
- '<LS_APPDATA>\install1585095.exe'
- '<LS_APPDATA>\10ex.exe' <LS_APPDATA>\setup_v_62624.exe1989011http://se####.litsoft.com.cn/search/setup_v_62624.exe
- '<LS_APPDATA>\setup_v_62624.exe'
- '<LS_APPDATA>\14ex.exe' <LS_APPDATA>\UUSEE_kb1003_Setup_169339.exe1989011http://do####ad.uusee.com/pop/down_new.php?u=###################
- '<LS_APPDATA>\15ex.exe' <LS_APPDATA>\qiqibox_1013.exe1989011http://cl#.#unt.com/link/176116/
- '<LS_APPDATA>\13ex.exe' <LS_APPDATA>\yiqcmg_70877.exe1989011http://dn###xy.qbox.me/yiqcmg_70877.exe
- '<LS_APPDATA>\11ex.exe' <LS_APPDATA>\Dailytq_s[127].exe1989011http://do####ad.071dt.com/download/Dailytq_s[127].exe
- '<LS_APPDATA>\12ex.exe' <LS_APPDATA>\qbxda_30361.exe1989011http://dn###xy.qbox.me/qbxda_30361.exe
- '<LS_APPDATA>\DMMenu.29079.exe'
- '<LS_APPDATA>\0ex.exe' <LS_APPDATA>\tqrl_89_177609.exe1989011http://do##.#ianyunxj.com/tqrl_89_177609.exe
- '<LS_APPDATA>\3ex.exe' <LS_APPDATA>\setup_5387_p3c0.exe1989011http://st####.adshendun.com/client/download/silent/setup_5387_p3c0.exe
- '<LS_APPDATA>\goodpic_dae_633.exe'
- '<LS_APPDATA>\4ex.exe' <LS_APPDATA>\livedt_brqds_3.5.0_500dx.exe1989011http://cl#.#unt.com/link/176604/
- '<LS_APPDATA>\2ex.exe' <LS_APPDATA>\goodpic_dae_633.exe1989011http://dl.###nvkankan.com/goodpic_dae_633.exe
- '<LS_APPDATA>\1ex.exe' <LS_APPDATA>\kt_b_80176.exe1989011http://do##.#unasou.com/kt/kt_b_80176.exe
- '<LS_APPDATA>\kt_b_80176.exe'
- '<LS_APPDATA>\tqrl_89_177609.exe'
- '<LS_APPDATA>\5ex.exe' <LS_APPDATA>\install1585095.exe1989011http://wo####o.qiniudn.com/install1585095%20.exe
- '<LS_APPDATA>\setup_5387_p3c0.exe'
- '<LS_APPDATA>\6ex.exe' <LS_APPDATA>\fgcn_102099.exe1989011http://do###.flashget.com/un/fgcn_102099.exe
- '<LS_APPDATA>\setup_5387_p3c0.exe' (downloaded from the Internet)
- '<LS_APPDATA>\livedt_brqds_3.5.0_500dx.exe' (downloaded from the Internet)
- '<LS_APPDATA>\fgcn_102099.exe' (downloaded from the Internet)
- '<LS_APPDATA>\setup_v_62624.exe' (downloaded from the Internet)
- '<LS_APPDATA>\DMMenu.29079.exe' (downloaded from the Internet)
- '<LS_APPDATA>\goodpic_dae_633.exe' (downloaded from the Internet)
- '<LS_APPDATA>\CBSI2354.exe' (downloaded from the Internet)
- '<LS_APPDATA>\install1585095.exe' (downloaded from the Internet)
- '<LS_APPDATA>\tqrl_89_177609.exe' (downloaded from the Internet)
- '<LS_APPDATA>\kt_b_80176.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\7ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 7ex.exe
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\9ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 8ex.exe
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\6ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 6ex.exe
- '<SYSTEM32>\taskkill.exe' /F /IM 9ex.exe
- '<SYSTEM32>\taskkill.exe' /F /IM 11ex.exe
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\12ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 12ex.exe
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\10ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 10ex.exe
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\11ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 1ex.exe
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\2ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 2ex.exe
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\0ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 0ex.exe
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\1ex.exe.bat"
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\3ex.exe.bat"
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\5ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 5ex.exe
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\8ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 3ex.exe
- '<SYSTEM32>\cmd.exe' /c "<LS_APPDATA>\4ex.exe.bat"
- '<SYSTEM32>\taskkill.exe' /F /IM 4ex.exe
- <LS_APPDATA>\9ex.exe
- <LS_APPDATA>\fgcn_102099.exe
- <LS_APPDATA>\10ex.exe
- <LS_APPDATA>\install1585095.exe
- <LS_APPDATA>\8ex.exe
- <LS_APPDATA>\CBSI2354.exe
- <LS_APPDATA>\11ex.exe
- <LS_APPDATA>\13ex.exe
- <LS_APPDATA>\14ex.exe
- <LS_APPDATA>\15ex.exe
- <LS_APPDATA>\DMMenu.29079.exe
- <LS_APPDATA>\12ex.exe
- <LS_APPDATA>\setup_v_62624.exe
- <LS_APPDATA>\7ex.exe
- <LS_APPDATA>\tqrl_89_177609.exe
- <LS_APPDATA>\2ex.exe
- <LS_APPDATA>\kt_b_80176.exe
- %PROGRAM_FILES%\open.ini
- <LS_APPDATA>\0ex.exe
- <LS_APPDATA>\1ex.exe
- <LS_APPDATA>\3ex.exe
- <LS_APPDATA>\setup_5387_p3c0.exe
- <LS_APPDATA>\6ex.exe
- <LS_APPDATA>\livedt_brqds_3.5.0_500dx.exe
- <LS_APPDATA>\goodpic_dae_633.exe
- <LS_APPDATA>\4ex.exe
- <LS_APPDATA>\5ex.exe
- %PROGRAM_FILES%\open.ini
- '61.##4.183.251':80
- 'wo####o.qiniudn.com':80
- 'do###.flashget.com':80
- 'se####.litsoft.com.cn':80
- 'do##.#pachat.com':80
- 'cl#.#unt.com':80
- 'do##.#ianyunxj.com':80
- 'wz.#m3k.cn':80
- 'do##.#unasou.com':80
- 'st####.adshendun.com':80
- 'dl.###nvkankan.com':80
- http://61.##4.183.251/ctrlserver/david/CBSI2354.exe
- http://wo####o.qiniudn.com/install1585095%20.exe
- http://do###.flashget.com/un/fgcn_102099.exe
- http://se####.litsoft.com.cn/search/setup_v_62624.exe
- http://do##.#pachat.com/meng/up/DMMenu.29079.exe
- http://cl#.#unt.com/link/176604/
- http://do##.#ianyunxj.com/tqrl_89_177609.exe
- http://wz.#m3k.cn/tongji.asp?sn######################################################
- http://do##.#unasou.com/kt/kt_b_80176.exe
- http://st####.adshendun.com/client/download/silent/setup_5387_p3c0.exe
- http://dl.###nvkankan.com/goodpic_dae_633.exe
- DNS ASK do##.#pachat.com
- DNS ASK do##.duomi.com
- DNS ASK do###.flashget.com
- DNS ASK se####.litsoft.com.cn
- DNS ASK do####ad.uusee.com
- DNS ASK dn###xy.qbox.me
- DNS ASK do####ad.071dt.com
- DNS ASK do##.#unasou.com
- DNS ASK do##.#ianyunxj.com
- DNS ASK wz.#m3k.cn
- DNS ASK dl.###nvkankan.com
- DNS ASK wo####o.qiniudn.com
- DNS ASK cl#.#unt.com
- DNS ASK st####.adshendun.com
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''