Technical Information
- [<HKLM>\SOFTWARE\Classes\mboxflash\Shell\open\command] '' = '"%PROGRAM_FILES%\KWMUSIC\KwFlashHolder.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\mbox\Shell\open\command] '' = '"%PROGRAM_FILES%\KWMUSIC\KwMusic.exe" "%1"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\KWMUSIC\KwMV.exe' = '%PROGRAM_FILES%\KWMUSIC\KwMV.exe:*:Enabled:їбОТMVґ«КдТэЗж' (the rule name appears to be GBK text rendered as Windows-1251; decoded, it reads '酷我MV传输引擎')
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\KWMUSIC\KwMusic.exe' = '%PROGRAM_FILES%\KWMUSIC\KwMusic.exe:*:Enabled:їбОТТфАЦєР' (the rule name appears to be GBK text rendered as Windows-1251; decoded, it reads '酷我音乐盒')
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\KWMUSIC\dump.ax"
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\KWMUSIC\KwArd.ax"
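- <SYSTEM32>\netsh.exe firewall add allowedprogram "%PROGRAM_FILES%\KWMUSIC\KwMusic.exe" їбОТТфАЦєР ENABLE (the rule name appears to be GBK text rendered as Windows-1251; decoded, it reads '酷我音乐盒')
- <SYSTEM32>\netsh.exe firewall add allowedprogram "%PROGRAM_FILES%\KWMUSIC\KwMV.exe" їбОТMVґ«КдТэЗж ENABLE (the rule name appears to be GBK text rendered as Windows-1251; decoded, it reads '酷我MV传输引擎')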
- %PROGRAM_FILES%\KWMUSIC\koowo-bk\red-yellow2.jpg
- %PROGRAM_FILES%\KWMUSIC\koowo-bk\red-yellow.jpg
- %PROGRAM_FILES%\KWMUSIC\window-bk\dragon-fly.jpg
- %PROGRAM_FILES%\KWMUSIC\window-bk\bridge.jpg
- %PROGRAM_FILES%\KWMUSIC\koowo-bk\green.jpg
- %PROGRAM_FILES%\KWMUSIC\koowo-bk\green-yellow.jpg
- %PROGRAM_FILES%\KWMUSIC\koowo-bk\pink-crystal.jpg
- %PROGRAM_FILES%\KWMUSIC\koowo-bk\orange-crystal.jpg
- %PROGRAM_FILES%\KWMUSIC\window-bk\girl-balloon.jpg
- %PROGRAM_FILES%\KWMUSIC\Skin\Д¬ИПЖ¤·ф\downnotice.gif
- %PROGRAM_FILES%\KWMUSIC\Skin\Д¬ИПЖ¤·ф\down-icon.gif
- %PROGRAM_FILES%\KWMUSIC\Skin\Д¬ИПЖ¤·ф\skin.jpg
- %PROGRAM_FILES%\KWMUSIC\Skin\Д¬ИПЖ¤·ф\panel.xml
- %PROGRAM_FILES%\KWMUSIC\window-bk\red-flower.jpg
- %PROGRAM_FILES%\KWMUSIC\window-bk\girl-inred.jpg
- %PROGRAM_FILES%\KWMUSIC\Skin\Д¬ИПЖ¤·ф\LoadingGif.gif
- %PROGRAM_FILES%\KWMUSIC\window-bk\sand.bmp
- %PROGRAM_FILES%\KWMUSIC\koowo-bk\green-crystal.jpg
- %PROGRAM_FILES%\KWMUSIC\html\img\pass-mv.jpg
- %PROGRAM_FILES%\KWMUSIC\html\weberror.htm
- %PROGRAM_FILES%\KWMUSIC\font-bk\dew.bmp
- %PROGRAM_FILES%\KWMUSIC\loading\ad\ad.ini
- %PROGRAM_FILES%\KWMUSIC\res\ranks\У°Тфёи·».xml
- %PROGRAM_FILES%\KWMUSIC\res\ranks\ТЎ№цПИ·ж.xml
- %PROGRAM_FILES%\KWMUSIC\html\nomv.htm
- %PROGRAM_FILES%\KWMUSIC\html\404.jpg
- %PROGRAM_FILES%\KWMUSIC\font-bk\flower.bmp
- %PROGRAM_FILES%\KWMUSIC\koowo-bk\black-grey.jpg
- %PROGRAM_FILES%\KWMUSIC\font-bk\ѕьКВ.bmp
- %PROGRAM_FILES%\KWMUSIC\koowo-bk\blue-red.jpg
- %PROGRAM_FILES%\KWMUSIC\koowo-bk\blue-crystal.jpg
- %PROGRAM_FILES%\KWMUSIC\font-bk\paw.bmp
- %PROGRAM_FILES%\KWMUSIC\font-bk\flower2.bmp
- %PROGRAM_FILES%\KWMUSIC\font-bk\wheat.bmp
- %PROGRAM_FILES%\KWMUSIC\font-bk\sand.bmp
- %PROGRAM_FILES%\KWMUSIC\zlib.dll
- %PROGRAM_FILES%\KWMUSIC\Reco.dll
- %PROGRAM_FILES%\KWMUSIC\KwArd.ax
- %PROGRAM_FILES%\KWMUSIC\dump.ax
- %PROGRAM_FILES%\KWMUSIC\http.dll
- %PROGRAM_FILES%\KWMUSIC\fzip.dll
- %PROGRAM_FILES%\KWMUSIC\player.dll
- %PROGRAM_FILES%\KWMUSIC\pd.dll
- %PROGRAM_FILES%\KWMUSIC\Uninstall.exe
- %TEMP%\nss3.tmp\inetc.dll
- %TEMP%\nss3.tmp\Base64.dll
- %PROGRAM_FILES%\KWMUSIC\1.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\music[1].htm
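- %HOMEPATH%\Start Menu\Programs\їбОТТфАЦєР\ИнјюЛµГч.lnk (names appear to be GBK text rendered as Windows-1251; decoded: '酷我音乐盒\软件说明.lnk')
- %HOMEPATH%\Start Menu\Programs\їбОТТфАЦєР\їбОТТфАЦєР.lnk (decoded: '酷我音乐盒\酷我音乐盒.lnk')
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\їбОТТфАЦєР.lnk (decoded: '酷我音乐盒.lnk')
- %HOMEPATH%\Desktop\їбОТТфАЦєР.lnk (decoded: '酷我音乐盒.lnk')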
- %PROGRAM_FILES%\KWMUSIC\dotag.dll
- %PROGRAM_FILES%\KWMUSIC\Skin\НъНъ_Ж¤·ф\panel.xml
- %PROGRAM_FILES%\KWMUSIC\Skin\НъНъ_Ж¤·ф\downnotice.gif
- %WINDIR%\KwYl.dat
- %PROGRAM_FILES%\KWMUSIC\Skin\НъНъ_Ж¤·ф\skinpack.pkg
- %PROGRAM_FILES%\KWMUSIC\Skin\Д¬ИПЖ¤·ф\small.bmp
- %PROGRAM_FILES%\KWMUSIC\Skin\Д¬ИПЖ¤·ф\skinpack.pkg
- %PROGRAM_FILES%\KWMUSIC\Skin\НъНъ_Ж¤·ф\down-icon.gif
- %PROGRAM_FILES%\KWMUSIC\Skin\НъНъ_Ж¤·ф\LoadingGif.gif
- %PROGRAM_FILES%\KWMUSIC\msvcr71.dll
- %PROGRAM_FILES%\KWMUSIC\lidx.dll
- %PROGRAM_FILES%\KWMUSIC\LocalServer.dll
- %PROGRAM_FILES%\KWMUSIC\KwUpdate.dll
- %PROGRAM_FILES%\KWMUSIC\KwLogSvr.dll
- %PROGRAM_FILES%\KWMUSIC\mfc71.dll
- %PROGRAM_FILES%\KWMUSIC\msvcp71.dll
- %PROGRAM_FILES%\KWMUSIC\KwFlashHolder.exe
- %PROGRAM_FILES%\KWMUSIC\KwMV.exe
- %PROGRAM_FILES%\KWMUSIC\res\ranks\ПаЙщРЎЖ·.xml
- %PROGRAM_FILES%\KWMUSIC\face\defaultbak\bk2_r1_c1.jpg
- %PROGRAM_FILES%\KWMUSIC\face\rigt.bmp
- %PROGRAM_FILES%\KWMUSIC\face\defaultbak\bk4_r1_c1.jpg
- %PROGRAM_FILES%\KWMUSIC\face\defaultbak\bk3_r1_c1.jpg
- %PROGRAM_FILES%\KWMUSIC\face\kwplog.img
- %PROGRAM_FILES%\KWMUSIC\face\kwpcmd.img
- %PROGRAM_FILES%\KWMUSIC\face\pub.img
- %PROGRAM_FILES%\KWMUSIC\face\left.bmp
- %PROGRAM_FILES%\KWMUSIC\face\defaultbak\bk5_r1_c1.jpg
- %PROGRAM_FILES%\KWMUSIC\swf\enjoy.swf
- %PROGRAM_FILES%\KWMUSIC\swf\directx.swf
- %PROGRAM_FILES%\KWMUSIC\swf\neterror.swf
- %PROGRAM_FILES%\KWMUSIC\swf\load.swf
- %PROGRAM_FILES%\KWMUSIC\face\defaultbak\bkground2.jpg
- %PROGRAM_FILES%\KWMUSIC\face\defaultbak\bkground1.jpg
- %PROGRAM_FILES%\KWMUSIC\swf\coverflow.swf
- %PROGRAM_FILES%\KWMUSIC\swf\MvComplete.swf
- %PROGRAM_FILES%\KWMUSIC\face\kwc.img
- %PROGRAM_FILES%\KWMUSIC\KwMusic.exe
- %TEMP%\nss3.tmp\KillProcDLL.dll
- %PROGRAM_FILES%\KWMUSIC\recoEngine.exe
- %PROGRAM_FILES%\KWMUSIC\Encode.exe
- %TEMP%\nss3.tmp\System.dll
- %TEMP%\nsn2.tmp
- %TEMP%\nss3.tmp\AnimGif.dll
- %PROGRAM_FILES%\KWMUSIC\instpage.gif
- %PROGRAM_FILES%\KWMUSIC\appendDL.ini
- %PROGRAM_FILES%\KWMUSIC\face\font.bmp
- %PROGRAM_FILES%\KWMUSIC\face\default.jpg
- %PROGRAM_FILES%\KWMUSIC\face\hand-open.cur
- %PROGRAM_FILES%\KWMUSIC\face\hand-close.cur
- %PROGRAM_FILES%\KWMUSIC\lrcCfg.ini
- %PROGRAM_FILES%\KWMUSIC\config.ini
- %PROGRAM_FILES%\KWMUSIC\face\back.bmp
- %PROGRAM_FILES%\KWMUSIC\readme.txt
- %PROGRAM_FILES%\KWMUSIC\res\ranks\°Щ¶ИИИёи°с.xml
- %PROGRAM_FILES%\KWMUSIC\res\msg\view.gif
- %PROGRAM_FILES%\KWMUSIC\res\ranks\і¬ј¶НЇЙщ.xml
- %PROGRAM_FILES%\KWMUSIC\res\ranks\°Щ¶ИРВёи°с.xml
- %PROGRAM_FILES%\KWMUSIC\res\coverflow\7.JPG
- %PROGRAM_FILES%\KWMUSIC\res\coverflow\6.JPG
- %PROGRAM_FILES%\KWMUSIC\res\msg\msg.htm
- %PROGRAM_FILES%\KWMUSIC\res\coverflow\8.jpg
- %PROGRAM_FILES%\KWMUSIC\res\ranks\µзТфDJ.xml
- %PROGRAM_FILES%\KWMUSIC\res\ranks\їбОТРВёи°с.xml
- %PROGRAM_FILES%\KWMUSIC\res\ranks\їбОТИИёи°с.xml
- %PROGRAM_FILES%\KWMUSIC\res\ranks\НшВзёиНх.xml
- %PROGRAM_FILES%\KWMUSIC\res\ranks\МмфҐЦ®Тф.xml
- %PROGRAM_FILES%\KWMUSIC\res\ranks\ѕўОиНЕЧЁЗш.xml
- %PROGRAM_FILES%\KWMUSIC\res\ranks\·иїсёгР¦.xml
- %PROGRAM_FILES%\KWMUSIC\res\ranks\їЁАOK.xml
- %PROGRAM_FILES%\KWMUSIC\res\ranks\ѕµд»іѕЙ.xml
- %PROGRAM_FILES%\KWMUSIC\res\coverflow\5.JPG
- %PROGRAM_FILES%\KWMUSIC\res\PanesData.xml
- %PROGRAM_FILES%\KWMUSIC\swf\serverbusy.swf
- %PROGRAM_FILES%\KWMUSIC\res\hot_singer.xml
- %PROGRAM_FILES%\KWMUSIC\res\artists.xml
- %PROGRAM_FILES%\KWMUSIC\swf\nomtv.swf
- %PROGRAM_FILES%\KWMUSIC\swf\no.swf
- %PROGRAM_FILES%\KWMUSIC\swf\picexception.swf
- %PROGRAM_FILES%\KWMUSIC\swf\nores.swf
- %PROGRAM_FILES%\KWMUSIC\res\mblistcount.xml
- %PROGRAM_FILES%\KWMUSIC\res\coverflow\2.JPG
- %PROGRAM_FILES%\KWMUSIC\res\coverflow\1.JPG
- %PROGRAM_FILES%\KWMUSIC\res\coverflow\4.JPG
- %PROGRAM_FILES%\KWMUSIC\res\coverflow\3.JPG
- %PROGRAM_FILES%\KWMUSIC\res\rihan_singer.xml
- %PROGRAM_FILES%\KWMUSIC\res\oumei_singer.xml
- %PROGRAM_FILES%\KWMUSIC\res\coverflow\001.jpg
- %PROGRAM_FILES%\KWMUSIC\res\starmenu2.0.xml
- %TEMP%\nss3.tmp\inetc.dll
- %TEMP%\nss3.tmp\KillProcDLL.dll
- %TEMP%\nss3.tmp\System.dll
- %PROGRAM_FILES%\KWMUSIC\1.txt
- %TEMP%\nss3.tmp\AnimGif.dll
- %TEMP%\nss3.tmp\Base64.dll
- 'lo#.#oowo.com':80
- lo#.#oowo.com/music.yl
- DNS ASK lo#.#oowo.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'KwMusicServer' WindowName: 'KwMusicServer'
- ClassName: '#32770' WindowName: ''