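Technical Information

Note: the sub-headings of this list are not present on the page. The entries are file-system paths, followed by one HTTP URL, two DNS queries and one rundll32 command line. Several paths appear more than once, which suggests they come from separate lists (for example files created and files later changed or removed); the page does not say which. Host names are partially masked with '#', so they cannot be used as exact-match indicators as written.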
- %TEMP%\aut9df.tmp
- %TEMP%\aut1a63.tmp
- %TEMP%\wll_jjyzkyp\images\4_check1_2.jpg
- %TEMP%\aut19e6.tmp
- %TEMP%\wll_jjyzkyp\images\4_footer.jpg
- %TEMP%\aut1949.tmp
- %TEMP%\wll_jjyzkyp\images\2_restore_1.jpg
- %TEMP%\aut18fa.tmp
- %TEMP%\wll_jjyzkyp\images\2_view2_1.jpg
- %TEMP%\wll_jjyzkyp\images\h_downicon.jpg
- %TEMP%\aut188b.tmp
- %TEMP%\aut181d.tmp
- %TEMP%\wll_jjyzkyp\images\2_view1_1.jpg
- %TEMP%\aut17de.tmp
- %TEMP%\wll_jjyzkyp\images\2_footer.jpg
- %TEMP%\aut1750.tmp
- %TEMP%\wll_jjyzkyp\images\h_rebut1_1.jpg
- %TEMP%\aut16d3.tmp
- %TEMP%\wll_jjyzkyp\images\h_pause_1.jpg
- %TEMP%\wll_jjyzkyp\images\2_backup_1.jpg
- %TEMP%\aut1684.tmp
- %TEMP%\wll_jjyzkyp\images\4_backup_1.jpg
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\2tivxitc\desktop.ini
- %TEMP%\wll_jjyzkyp\images\0_2_2.jpg
- %TEMP%\aut9216.tmp
- D:\wllos\softinfo.ini
- %TEMP%\wll_jjyzkyp\images\1_1_but1_1.jpg
- %TEMP%\aut7533.tmp
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\index.dat
- %APPDATA%\microsoft\windows\cookies\low\index.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\rs3g8hb6\desktop.ini
- %TEMP%\wll_jjyzkyp\images\4_check2_2.jpg
- %TEMP%\aut1ab2.tmp
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\n6242qku\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %TEMP%\wll_jjyzkyp\images\4_restore_1.jpg
- %TEMP%\aut1b40.tmp
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\drqmxdtc\desktop.ini
- %TEMP%\aut1615.tmp
- %TEMP%\wll_jjyzkyp\images\h_header.jpg
- %TEMP%\aut152a.tmp
- %TEMP%\wll_jjyzkyp\images\1_1_but1_4.jpg
- %TEMP%\aute4a.tmp
- %TEMP%\wll_jjyzkyp\images\1_header.jpg
- %TEMP%\autd8e.tmp
- %TEMP%\wll_jjyzkyp\images\0_help_1.jpg
- %TEMP%\autd20.tmp
- %TEMP%\wll_jjyzkyp\images\0_4_1.jpg
- %TEMP%\wll_jjyzkyp\images\1_2_xp_1.jpg
- %TEMP%\autc92.tmp
- %TEMP%\autc43.tmp
- %TEMP%\wll_jjyzkyp\images\0_1_3.jpg
- %TEMP%\autc04.tmp
- %TEMP%\wll_jjyzkyp\images\close_1.jpg
- %TEMP%\autba5.tmp
- %TEMP%\wll_jjyzkyp\images\min_1.jpg
- %TEMP%\autaf9.tmp
- %TEMP%\wll_jjyzkyp\images\bg.jpg
- %TEMP%\wll_jjyzkyp\images\0_2_1.jpg
- %TEMP%\autf65.tmp
- %TEMP%\autf06.tmp
- %TEMP%\wll_jjyzkyp\images\1_2_w7x32_1.jpg
- %TEMP%\wll_jjyzkyp\images\1_3_rebut1_1.jpg
- %TEMP%\aut1277.tmp
- %TEMP%\aut14cc.tmp
- %TEMP%\wll_jjyzkyp\images\1_3_pause_1.jpg
- %TEMP%\aut147d.tmp
- %TEMP%\wll_jjyzkyp\images\1_3_wait.jpg
- %TEMP%\aut13e0.tmp
- %TEMP%\wll_jjyzkyp\images\1_2_but1_1.jpg
- %TEMP%\aut12d6.tmp
- %TEMP%\wll_jjyzkyp\images\1_back_1.jpg
- %TEMP%\wll_jjyzkyp\images\1_2_w10x64_1.jpg
- %TEMP%\autfb4.tmp
- %TEMP%\aut1228.tmp
- %TEMP%\wll_jjyzkyp\images\1_2_w10x32_1.jpg
- %TEMP%\aut11c9.tmp
- %TEMP%\wll_jjyzkyp\images\1_2_w8x64_1.jpg
- %TEMP%\aut1090.tmp
- %TEMP%\wll_jjyzkyp\images\1_2_w8x32_1.jpg
- %TEMP%\aut1022.tmp
- %TEMP%\wll_jjyzkyp\images\1_2_w7x64_1.jpg
- %TEMP%\aut44e2.tmp
- %TEMP%\wll_jjyzkyp\images\0_4_2.jpg
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\n6242qku\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\2tivxitc\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\drqmxdtc\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\rs3g8hb6\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- D:\wllos\softinfo.ini
- %TEMP%\aut9df.tmp
- %TEMP%\aut1615.tmp
- %TEMP%\aut1684.tmp
- %TEMP%\aut16d3.tmp
- %TEMP%\aut1750.tmp
- %TEMP%\aut17de.tmp
- %TEMP%\aut181d.tmp
- %TEMP%\autf06.tmp
- %TEMP%\aut188b.tmp
- %TEMP%\aut1949.tmp
- %TEMP%\aut19e6.tmp
- %TEMP%\aut1a63.tmp
- %TEMP%\aut1ab2.tmp
- %TEMP%\aut1b40.tmp
- %TEMP%\aut7533.tmp
- %TEMP%\aut14cc.tmp
- %TEMP%\aut152a.tmp
- %TEMP%\aut147d.tmp
- %TEMP%\aut13e0.tmp
- %TEMP%\aut12d6.tmp
- %TEMP%\autba5.tmp
- %TEMP%\autc04.tmp
- %TEMP%\autc43.tmp
- %TEMP%\autc92.tmp
- %TEMP%\autd20.tmp
- %TEMP%\autd8e.tmp
- %TEMP%\aut9216.tmp
- %TEMP%\aut18fa.tmp
- %TEMP%\aute4a.tmp
- %TEMP%\autfb4.tmp
- %TEMP%\aut1022.tmp
- %TEMP%\aut1090.tmp
- %TEMP%\aut11c9.tmp
- %TEMP%\aut1228.tmp
- %TEMP%\aut1277.tmp
- %TEMP%\autaf9.tmp
- %TEMP%\autf65.tmp
- %TEMP%\aut44e2.tmp
- http://ch######ang.xiuchufang.com/dngsxitong/config.txt
- DNS ASK ba##u.com
- DNS ASK ch######ang.xiuchufang.com
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1