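Technical Information
Note: the section labels of the original report are not present on this page. Judging by the entries themselves, the list runs in three groups: processes launched during analysis, with their command lines (the quoted paths, ending with the findstr.exe entries); file paths on disk, apparently files written by the sample (the unquoted paths); and network activity (connection endpoints, download paths on a host whose name is partly masked with "##", and a DNS lookup).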
- '%PROGRAM_FILES%\Internet Explorer\18.exe'
- '%PROGRAM_FILES%\Internet Explorer\17.exe'
- '%PROGRAM_FILES%\Internet Explorer\20.exe'
- '%PROGRAM_FILES%\Internet Explorer\19.exe'
- '%PROGRAM_FILES%\Internet Explorer\16.exe'
- '%PROGRAM_FILES%\Internet Explorer\13.exe'
- '%PROGRAM_FILES%\Internet Explorer\12.exe'
- '%PROGRAM_FILES%\Internet Explorer\15.exe'
- '%PROGRAM_FILES%\Internet Explorer\14.exe'
- '%PROGRAM_FILES%\Internet Explorer\21.exe'
- '%PROGRAM_FILES%\Internet Explorer\28.exe'
- '%PROGRAM_FILES%\Internet Explorer\27.exe'
- '%PROGRAM_FILES%\Internet Explorer\30.exe'
- '%PROGRAM_FILES%\Internet Explorer\29.exe'
- '%PROGRAM_FILES%\Internet Explorer\26.exe'
- '%PROGRAM_FILES%\Internet Explorer\23.exe'
- '%PROGRAM_FILES%\Internet Explorer\22.exe'
- '%PROGRAM_FILES%\Internet Explorer\25.exe'
- '%PROGRAM_FILES%\Internet Explorer\24.exe'
- '%PROGRAM_FILES%\Internet Explorer\9.exe'
- '%PROGRAM_FILES%\Internet Explorer\5.exe'
- '%PROGRAM_FILES%\Internet Explorer\2.exe'
- '%PROGRAM_FILES%\Internet Explorer\8.exe'
- '%PROGRAM_FILES%\Internet Explorer\4.exe'
- '%PROGRAM_FILES%\Internet Explorer\7.exe'
- '%PROGRAM_FILES%\Internet Explorer\11.exe'
- '%PROGRAM_FILES%\Internet Explorer\6.exe'
- '%PROGRAM_FILES%\Internet Explorer\1.exe'
- '%PROGRAM_FILES%\Internet Explorer\10.exe'
- '%PROGRAM_FILES%\Internet Explorer\4.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\24.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\5.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\30.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\23.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\28.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\1.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\29.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\27.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\25.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\26.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\2.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\22.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\9.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\14.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\16.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\15.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\12.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\11.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\13.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\10.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\20.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\19.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\21.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\6.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\17.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\8.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\7.exe' (downloaded from the Internet)
- '%PROGRAM_FILES%\Internet Explorer\18.exe' (downloaded from the Internet)
- '<SYSTEM32>\attrib.exe' +r +s +h <SYSTEM32>\autorun.exe
- '<SYSTEM32>\findstr.exe' /i f
- '<SYSTEM32>\attrib.exe' +r +s +h e:\autorun.inf
- '<SYSTEM32>\attrib.exe' +r +s +h <SYSTEM32>\autorun.inf
- '<SYSTEM32>\ping.exe' 127.1 -n 20
- '<SYSTEM32>\find.exe' /i "ip address"
- '<SYSTEM32>\ipconfig.exe' /all
- '<SYSTEM32>\attrib.exe' -r -s -h <SYSTEM32>\autorun.inf
- '<SYSTEM32>\attrib.exe' -r -s -h <SYSTEM32>\autorun.exe
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\connnet.bat
- '<SYSTEM32>\fsutil.exe' fsinfo drives
- '<SYSTEM32>\findstr.exe' /i e
- '<SYSTEM32>\attrib.exe' +r +s +h <Drive name for removable media>:\autorun.inf
- '<SYSTEM32>\findstr.exe' /i d
- %PROGRAM_FILES%\Internet Explorer\21.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\21[1].exe
- %PROGRAM_FILES%\Internet Explorer\20.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\22[1].exe
- %PROGRAM_FILES%\Internet Explorer\23.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\23[1].exe
- %PROGRAM_FILES%\Internet Explorer\22.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\20[1].exe
- %PROGRAM_FILES%\Internet Explorer\17.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\17[1].exe
- %PROGRAM_FILES%\Internet Explorer\16.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\18[1].exe
- %PROGRAM_FILES%\Internet Explorer\19.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\19[1].exe
- %PROGRAM_FILES%\Internet Explorer\18.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\29[1].exe
- %PROGRAM_FILES%\Internet Explorer\28.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\28[1].exe
- %PROGRAM_FILES%\Internet Explorer\29.exe
- <SYSTEM32>\connnet.bat
- %PROGRAM_FILES%\Internet Explorer\30.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\30[1].exe
- %PROGRAM_FILES%\Internet Explorer\27.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\25[1].exe
- %PROGRAM_FILES%\Internet Explorer\24.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\24[1].exe
- %PROGRAM_FILES%\Internet Explorer\25.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\27[1].exe
- %PROGRAM_FILES%\Internet Explorer\26.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\26[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\16[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\6[1].exe
- %PROGRAM_FILES%\Internet Explorer\5.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\5[1].exe
- %PROGRAM_FILES%\Internet Explorer\6.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\8[1].exe
- %PROGRAM_FILES%\Internet Explorer\7.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\7[1].exe
- %PROGRAM_FILES%\Internet Explorer\4.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\2[1].exe
- %PROGRAM_FILES%\Internet Explorer\1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].exe
- %PROGRAM_FILES%\Internet Explorer\2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\4[1].exe
- C:\3.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\3[1].exe
- %PROGRAM_FILES%\Internet Explorer\13.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\13[1].exe
- %PROGRAM_FILES%\Internet Explorer\12.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\14[1].exe
- %PROGRAM_FILES%\Internet Explorer\15.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\15[1].exe
- %PROGRAM_FILES%\Internet Explorer\14.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\12[1].exe
- %PROGRAM_FILES%\Internet Explorer\9.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\9[1].exe
- %PROGRAM_FILES%\Internet Explorer\8.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\10[1].exe
- %PROGRAM_FILES%\Internet Explorer\11.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\11[1].exe
- %PROGRAM_FILES%\Internet Explorer\10.exe
- 'ji##ai0.cn':80
- 'localhost':1037
- ji##ai0.cn/down/20.exe
- ji##ai0.cn/down/21.exe
- ji##ai0.cn/down/22.exe
- ji##ai0.cn/down/19.exe
- ji##ai0.cn/down/16.exe
- ji##ai0.cn/down/17.exe
- ji##ai0.cn/down/18.exe
- ji##ai0.cn/down/23.exe
- ji##ai0.cn/down/28.exe
- ji##ai0.cn/down/29.exe
- ji##ai0.cn/down/30.exe
- ji##ai0.cn/down/27.exe
- ji##ai0.cn/down/24.exe
- ji##ai0.cn/down/25.exe
- ji##ai0.cn/down/26.exe
- ji##ai0.cn/down/5.exe
- ji##ai0.cn/down/6.exe
- ji##ai0.cn/down/7.exe
- ji##ai0.cn/down/4.exe
- ji##ai0.cn/down/1.exe
- ji##ai0.cn/down/2.exe
- ji##ai0.cn/down/3.exe
- ji##ai0.cn/down/8.exe
- ji##ai0.cn/down/13.exe
- ji##ai0.cn/down/14.exe
- ji##ai0.cn/down/15.exe
- ji##ai0.cn/down/12.exe
- ji##ai0.cn/down/9.exe
- ji##ai0.cn/down/10.exe
- ji##ai0.cn/down/11.exe
- DNS ASK ji##ai0.cn (DNS lookup of the same host that serves the /down/ paths listed above)