Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CdnCtr' = '%PROGRAM_FILES%\CNNIC\Cdn\cdnup.exe'
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}] 'ClsidExtension' = '{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'realtpsk' = '%WINDIR%\system\realsched.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\adodbc.exe'
- %WINDIR%\Tasks\DM_Install_Program.job
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\103334.exe' = '%TEMP%\103334.exe:*:Enabled:DM'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\system\realsched.exe' = '%WINDIR%\system\realsched.exe:*:Enabled:realsched.exe'
- '%TEMP%\setup175.exe'
- '%TEMP%\13519.exe'
- '%TEMP%\vgo8.tmp.exe' /S
- '%WINDIR%\cnt.exe' 13519
- '%WINDIR%\Temp\ie.exe' /S
- '%TEMP%\103334.exe'
- '%TEMP%\A\setup.exe' 00010802
- '%TEMP%\huacai904.exe'
- '%TEMP%\Setup4.exe'
- '%TEMP%\bind_40123.exe'
- '%TEMP%\setup.exe'
- '%TEMP%\bizG2.exe'
- '%WINDIR%\system\realsched.exe'
- '%WINDIR%\Temp\vgo.exe'
- '%TEMP%\vgosetup1130.exe'
- '%WINDIR%\Temp\ie.exe' (downloaded from the Internet)
- '%WINDIR%\cnt.exe' (downloaded from the Internet)
- '%TEMP%\vgo8.tmp.exe' (downloaded from the Internet)
- '<SYSTEM32>\regsvr32.exe' /u /s "%PROGRAM_FILES%\SearchNet\SNHpr.dll"
- '<SYSTEM32>\regsvr32.exe' <SYSTEM32>\rundll32.dll /s
- '<SYSTEM32>\regsvr32.exe' <DRIVERS>\spoolsv.dll /s
- %TEMP%\A\cdnprh.dll
- %TEMP%\A\cdnins.dll
- %TEMP%\A\cdnforie.dll
- %TEMP%\A\cdnprot.dat
- %TEMP%\A\cdnup.exe
- %TEMP%\A\cdnunins.exe
- %TEMP%\A\cdnprot.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\13519[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\51.ac[1]
- <DRIVERS>\ttfhc.sys
- %WINDIR%\cnt.exe
- %TEMP%\A\cdnaux.dll
- %TEMP%\A\cdn.dll
- %TEMP%\hhu9.tmp
- %TEMP%\A\cdnvers.dat
- %PROGRAM_FILES%\CNNIC\Cdn\cdnup.exe
- %PROGRAM_FILES%\CNNIC\Cdn\cdnaux.dll
- %PROGRAM_FILES%\CNNIC\Cdn\src.dat
- %PROGRAM_FILES%\CNNIC\Cdn\cdnforie.dll
- %WINDIR%\Temp\ie.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\iebar[1].exe
- %TEMP%\103334.exe
- %TEMP%\A\src.dat
- %TEMP%\A\setup.exe
- %TEMP%\A\idnconvs.dll
- %TEMP%\src.tmp
- %PROGRAM_FILES%\CNNIC\Cdn\cdnunins.exe
- %PROGRAM_FILES%\CNNIC\Cdn\cdnvers.dat
- %PROGRAM_FILES%\CNNIC\Cdn\idnconvs.dll
- <SYSTEM32>\HttpReq.dll
- %WINDIR%\inf\cpap.ini
- %TEMP%\Setup4.exe
- <SYSTEM32>\rundll32.dll
- %TEMP%\nsi5.tmp\NSISdl.dll
- %TEMP%\bind_40123.exe
- <SYSTEM32>\WEBDLL.DLL
- %TEMP%\bizG2.exe
- <SYSTEM32>\oledb32.dll
- %TEMP%\setup.exe
- <DRIVERS>\System.ini
- <DRIVERS>\WEBDLL.DLL
- <DRIVERS>\spoolsv.dll
- <DRIVERS>\HttpReq.dll
- %TEMP%\temp.exe
- <SYSTEM32>\cjzqm.xl
- %TEMP%\vgo8.tmp.exe
- <SYSTEM32>\mouzqm.xl
- <SYSTEM32>\dmshell.dll
- %TEMP%\m4et6s.dll
- %TEMP%\setup175.exe
- %TEMP%\13519.exe
- %WINDIR%\system\realsched.exe
- %TEMP%\nsp7.tmp
- %TEMP%\vgosetup1130.exe
- %WINDIR%\system\vp_VM.dll
- <SYSTEM32>\adodbc.exe
- %TEMP%\huacai904.exe
- %WINDIR%\Temp\vgo.exe
- %TEMP%\src.tmp
- %WINDIR%\Temp\ie.exe
- %WINDIR%\Tasks\DM_Install_Program.job
- %TEMP%\hhu9.tmp
- %WINDIR%\Temp\vgo.exe
- %TEMP%\m4et6s.dll
- <DRIVERS>\ttfhc.sys
- 'www.51.#c.cn':80
- 'localhost':1045
- 'do##.51.ac.cn':80
- 'ul####3.dudu.com':80
- 'localhost':1050
- 'localhost':1044
- 'www.v0##7.com':80
- 'fi##.#nionsms.net':80
- 'ho##.#down.21cn.com':80
- 'www.xh#.cn':80
- 'www.8w##.net':80
- www.51.#c.cn/
- www.xh#.cn/dmshell.rar
- ul####3.dudu.com/setup/iebar.exe
- do##.51.ac.cn/13519.exe
- www.v0##7.com/0107/read.asp?id####
- fi##.#nionsms.net/kuzhan/kuzhansetup.exe
- www.8w##.net/ad2/down2.htm
- ho##.#down.21cn.com/rmdownload/drm/data3/eyejoy/olsetup/1130/VGOSetup.exe
- DNS ASK www.51.#c.cn
- DNS ASK www.xh#.cn
- DNS ASK ul####3.dudu.com
- DNS ASK do##.51.ac.cn
- DNS ASK www.v0##7.com
- DNS ASK fi##.#nionsms.net
- DNS ASK www.8w##.net
- DNS ASK ho##.#down.21cn.com
- ClassName: '(null)' WindowName: 'CdnUp'
- ClassName: '(null)' WindowName: 'CdnHide'
- ClassName: '(null)' WindowName: 'Chinese Navigation'
- ClassName: '(null)' WindowName: 'Chinese Navigation Upgrade'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'IEFrame' WindowName: '(null)'