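Technical Information
Note: the sub-headings that separated the lists below are missing from this copy, so the role of each list (for example executed, created or contacted) is not stated unless an entry carries its own annotation. '#' in host names stands for masked characters, so those names are partial and cannot be used as exact-match indicators.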
- '%TEMP%\nsz2.tmp\pczh_155.exe'
- '%TEMP%\nsz2.tmp\90018_ailiao.exe'
- '%TEMP%\nsz2.tmp\kuping_s_51022.exe'
- '%TEMP%\nsz2.tmp\pipi_dae_274.exe'
- '%TEMP%\nsz2.tmp\setup1004.exe'
- '%TEMP%\nsz2.tmp\setup_3038.exe'
- '%TEMP%\nsz2.tmp\setup_open_3747.exe'
- '%TEMP%\nsz2.tmp\mx_4zengjie.exe'
- '%TEMP%\nsz2.tmp\dianxin_silent[108].exe'
- '%TEMP%\nsz2.tmp\s2222.exe'
- '%TEMP%\nsz2.tmp\shenmatv_dae_300.exe'
- '%TEMP%\nsz2.tmp\vmmc_70205.exe'
- '%TEMP%\nsz2.tmp\setup1146568.exe'
- '%TEMP%\nsz2.tmp\setup_qd206.exe'
- '%TEMP%\nsz2.tmp\vxdpwbw_30071.exe'
- '%TEMP%\nsz2.tmp\SoHuVA_4.2.0.0-c204900009-ng-s-run-x.exe'
- '%TEMP%\nsz2.tmp\setups30112.exe'
- '%TEMP%\nsz2.tmp\s2222.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\mx_4zengjie.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\setup_qd206.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\SoHuVA_4.2.0.0-c204900009-ng-s-run-x.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\setup_open_3747.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\shenmatv_dae_300.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\dianxin_silent[108].exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\setup1004.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\kuping_s_51022.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\setup1146568.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\setups30112.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\pipi_dae_274.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\vxdpwbw_30071.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\setup_3038.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\90018_ailiao.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\vmmc_70205.exe' (downloaded from the Internet)
- '%TEMP%\nsz2.tmp\pczh_155.exe' (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\zhihui[1].gif
- %TEMP%\nsz2.tmp\kuping_s_51022.exe
- %TEMP%\nsz2.tmp\pczh_155.exe
- %TEMP%\nsz2.tmp\90018_ailiao.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\ailiao[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\kuping[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\pipi_dae_274[1].txt
- %TEMP%\nsz2.tmp\setups30112.exe
- %TEMP%\nsz2.tmp\pipi_dae_274.exe
- %TEMP%\nsz2.tmp\setup1004.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\miaomiao[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\yinyuefm[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\wuji[1].gif
- %TEMP%\nsz2.tmp\dianxin_silent[108].exe
- %TEMP%\nsz2.tmp\setup_open_3747.exe
- %TEMP%\nsz2.tmp\mx_4zengjie.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\mx_4zengjie[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\dianxin[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\xiaoxinrili[1].gif
- %TEMP%\nsz2.tmp\setup_3038.exe
- %TEMP%\nsz2.tmp\s2222.exe
- %TEMP%\nsz2.tmp\shenmatv_dae_300.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\shenma[1].gif
- %PROGRAM_FILES%\kuplay\uninst.exe
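- %HOMEPATH%\Start Menu\Programs\їбІҐУ°КУ\Uninstall.lnk (the name 'їбІҐУ°КУ', here and in the entries below, appears to be GBK-encoded text rendered as Windows-1251; read as GBK the same bytes give '酷播影视', so the name seen on disk may differ with the system's ANSI code page)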
- %TEMP%\nsz2.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\kk[1].htm
- %TEMP%\nsz2.tmp\inetc.dll
- %HOMEPATH%\Start Menu\Programs\їбІҐУ°КУ\Website.lnk
- %PROGRAM_FILES%\kuplay\play.exe
- %TEMP%\nsz2.tmp\FindProcDLL.dll
- %HOMEPATH%\Start Menu\Programs\їбІҐУ°КУ\їбІҐУ°КУ.lnk
- %PROGRAM_FILES%\kuplay\їбІҐУ°КУ.url
- %HOMEPATH%\Desktop\їбІҐУ°КУ.lnk
- %PROGRAM_FILES%\kuplay\black.htm
- %TEMP%\nsz2.tmp\vmmc_70205.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\baiduweishi[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ruixing[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\gongjuhui[1].gif
- %TEMP%\nsz2.tmp\setup1146568.exe
- %TEMP%\nsz2.tmp\vxdpwbw_30071.exe
- %TEMP%\nsz2.tmp\SoHuVA_4.2.0.0-c204900009-ng-s-run-x.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\SoHuVA_4.0.0.73-c204900009-ng-s-run-x[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\setup_qd206[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\baidushadu[1].gif
- %TEMP%\nsz2.tmp\setup_qd206.exe
- %TEMP%\nsz2.tmp\setup_open_3747.exe
- %TEMP%\nsz2.tmp\setup_qd206.exe
- %TEMP%\nsz2.tmp\setup_3038.exe
- %TEMP%\nsz2.tmp\setup1146568.exe
- %TEMP%\nsz2.tmp\setups30112.exe
- %TEMP%\nsz2.tmp\vmmc_70205.exe
- %TEMP%\nsz2.tmp\vxdpwbw_30071.exe
- %TEMP%\nsz2.tmp\System.dll
- %TEMP%\nsz2.tmp\shenmatv_dae_300.exe
- %TEMP%\nsz2.tmp\SoHuVA_4.2.0.0-c204900009-ng-s-run-x.exe
- %TEMP%\nsz2.tmp\inetc.dll
- %TEMP%\nsz2.tmp\kuping_s_51022.exe
- %TEMP%\nsz2.tmp\FindProcDLL.dll
- %TEMP%\nsz2.tmp\90018_ailiao.exe
- %TEMP%\nsz2.tmp\dianxin_silent[108].exe
- %TEMP%\nsz2.tmp\s2222.exe
- %TEMP%\nsz2.tmp\setup1004.exe
- %TEMP%\nsz2.tmp\pipi_dae_274.exe
- %TEMP%\nsz2.tmp\mx_4zengjie.exe
- %TEMP%\nsz2.tmp\pczh_155.exe
- 'pu########.#28ceb8923f4f.d01.nanoyun.com':80
- 'dl.#ipi.cn':80
- 'mk.##xthon.cn':80
- 'yu##.yyjdpm.net':80
- 'd.##dtw.com':80
- 'do##.guangsu.cn':80
- pu########.#28ceb8923f4f.d01.nanoyun.com/yinyuefm.gif
- pu########.#28ceb8923f4f.d01.nanoyun.com/xiaoxinrili.gif
- pu########.#28ceb8923f4f.d01.nanoyun.com/zhihui.gif
- pu########.#28ceb8923f4f.d01.nanoyun.com/ailiao.gif
- pu########.#28ceb8923f4f.d01.nanoyun.com/wuji.gif
- mk.##xthon.cn/max4/zxr/mx_4zengjie.txt
- pu########.#28ceb8923f4f.d01.nanoyun.com/shenma.gif
- pu########.#28ceb8923f4f.d01.nanoyun.com/dianxin.gif
- pu########.#28ceb8923f4f.d01.nanoyun.com/kuping.gif
- pu########.#28ceb8923f4f.d01.nanoyun.com/baidushadu.gif
- pu########.#28ceb8923f4f.d01.nanoyun.com/baiduweishi.gif
- d.##dtw.com/exe/SoHuVA_4.0.0.73-c204900009-ng-s-run-x.txt
- do##.guangsu.cn/qdn/setup_qd206.txt
- dl.#ipi.cn/pipi_dae_274.txt
- pu########.#28ceb8923f4f.d01.nanoyun.com/miaomiao.gif
- pu########.#28ceb8923f4f.d01.nanoyun.com/ruixing.gif
- pu########.#28ceb8923f4f.d01.nanoyun.com/gongjuhui.gif
- yu##.yyjdpm.net/kk.php
- DNS ASK pu########.#28ceb8923f4f.d01.nanoyun.com
- DNS ASK dl.#ipi.cn
- DNS ASK mk.##xthon.cn
- DNS ASK yu##.yyjdpm.net
- DNS ASK d.##dtw.com
- DNS ASK do##.guangsu.cn
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'