Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'ReRun' = 'C:\Temp\ReRun.exe'
- C:\temp\rerun.exe
- C:\temp\adls.exe
- %HOMEPATH%\desktop\t启动器.exe
- <Current directory>\启动器.exe
- <Current directory>\设置器.exe
- C:\temp\tempfa2.ini
- <Current directory>\pic\jcp2.zip
- <Current directory>\pic\loadinjectdriver.a
- <Current directory>\pic\driversdll.dll
- <Current directory>\pic\checkl.a
- <Current directory>\pic\魔界雪人的心意.bmp
- <Current directory>\pic\ac.db
- <Current directory>\pic\new.zip
- <Current directory>\pic\updatefile.xml
- <Current directory>\down\new.exe
- <Current directory>\vhth8a2808.exe
- 'fn############95395.cos.ap-guangzhou.myqcloud.com':443
- 'ba##u.com':80
- http://www.ba##u.com/
- DNS ASK fn############95395.cos.ap-guangzhou.myqcloud.com
- DNS ASK ba##u.com
- ClassName: '' WindowName: '提示'
- 'C:\temp\rerun.exe'
- '<Current directory>\vhth8a2808.exe'