Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\kongxian.lnk
- %ALLUSERSPROFILE%\2.zip
- %ALLUSERSPROFILE%\bookmarks.exe
- %ALLUSERSPROFILE%\python23.dll
- %ALLUSERSPROFILE%\xm.xml
- %ALLUSERSPROFILE%\ini.ini
- C:\users\public\1.zip
- %HOMEPATH%\desktop\rar.exe
- %ALLUSERSPROFILE%\l.dll
- %ALLUSERSPROFILE%\cc.exe
- %ALLUSERSPROFILE%\a.ini
- %ALLUSERSPROFILE%\cba.bat
- %ALLUSERSPROFILE%\ccstart.exe
- %ALLUSERSPROFILE%\update.ini
- C:\users\public\documents\jdi\11111.lnk
- %ALLUSERSPROFILE%\dx.vbs
- %HOMEPATH%\desktop\rar.ini
- C:\users\public\1.zip
- %HOMEPATH%\desktop\rar.exe
- %HOMEPATH%\desktop\rar.ini
- C:\users\public\documents\jdi\11111.lnk
- '45.##5.204.56':7799
- '15#.#9.251.14':8888
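- http://45.###.204.56:7799//aa.zip?=1######### via 45.##5.204.56 (the '#' characters appear to be masking applied in this listing, so the address and query value are incomplete as shown)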
- '15#.#9.251.14':8888
- ClassName: 'CabinetWClass' WindowName: 'jdi'
- ClassName: 'DirectUIHWND' WindowName: ''
- '%ALLUSERSPROFILE%\bookmarks.exe' -hg
- '%HOMEPATH%\desktop\rar.exe' x -y C:\Users\Public\1.zip
- '%ALLUSERSPROFILE%\bookmarks.exe' -hg (with hidden window)