Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '' = '%ProgramFiles%\jnwfme\jnwfme.exe'
- '' (downloaded from the Internet)
- jnwfme.exe
- ClassName: 'FileMonClass', WindowName: ''
- ClassName: 'RegMonClass', WindowName: ''
- %PROGRAMDATA%\001.exe
- %PROGRAMDATA%\autoipclient.exe
- %PROGRAMDATA%\autoip.dll
- %PROGRAMDATA%\wc.dat
- C:\microsoft.cjk
- %ProgramFiles%\jnwfme\wc.dat
- %ProgramFiles%\jnwfme\jnwfme.exe
- %ProgramFiles%\jnwfme\autoip.dll
- '12#.#1.87.199':18926
- http://11#.#31.91.126/8116/001.exe
- http://11#.#31.91.126/8116/AutoIPClient.exe
- http://11#.#31.91.126/8116/autoip.dll
- http://11#.#31.91.126/8116/wc.dat
- '%PROGRAMDATA%\001.exe'
- '%PROGRAMDATA%\autoipclient.exe'
- '%ProgramFiles%\jnwfme\jnwfme.exe'