Technical Information
- Autorun persistence (registry Run value): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinPlayer' = '%HOMEPATH%\My Documents\\AppPatch\WinService.exe' (doubled backslash reproduced as recorded)
- %HOMEPATH%\My Documents\1.jpg
- %HOMEPATH%\My Documents\AppPatch\winin.zip
- %HOMEPATH%\My Documents\AppPatch\WinService.exe
- %CommonProgramFiles%\AppPatch\winins.zip
- %CommonProgramFiles%\AppPatch\WinService.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\3tb_150320234438kqtx546888[1].jpg
- %ProgramFiles%\AppPatch\3tb_150320234438kqt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\3tb_150320234438kqtx546888[1].jpg
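- Network endpoint (host:port): 'd2.#reep.cn':80 ('#' is not a valid hostname character and appears to be a masked character, so this string will not match DNS or proxy logs as written)
- HTTP request URL: http://d2.#reep.cn/3tb_150320234438kqtx546888.jpg
- DNS ASK (query) for d2.#reep.cn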
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- '%HOMEPATH%\My Documents\AppPatch\WinService.exe'
- Command line: '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %HOMEPATH%\My Documents\1.jpg (opens 1.jpg in the Windows image viewer)