Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\wmiprvse.exe.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\searchprotocolhost.lnk
- %APPDATA%\microsoft\windows\start menu\programs\maintenancr\wmiprv.exe
- %APPDATA%\microsoft\windows\start menu\programs\maintenancr\search.exe
- %APPDATA%\microsoft\windows\start menu\programs\maintenancr\wmiprv.exe
- %APPDATA%\microsoft\windows\start menu\programs\maintenancr\search.exe
- http://cc.##168.com/f_ht/ajcx/wj.aspx?cz##################################################
- http://ys##.ys168.com/616885329/216367208/SiuKRIi4754444845QKd7/WmiPrv.exe
- http://ys##.ys168.com/616885321/216373859/SiuKRIq47544558FJQL624/Search.exe
- http://cc.##168.com/f_ht/ajcx/ml.aspx?cz#################################
- DNS ASK cc.##168.com
- DNS ASK ys##.ys168.com
- '%APPDATA%\microsoft\windows\start menu\programs\maintenancr\wmiprv.exe'
- '%APPDATA%\microsoft\windows\start menu\programs\maintenancr\search.exe'