Trojan.Win32.FlyStudio_42bbe53408 – Adaware

Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 42bbe53408b5b20684184b74395da9f6

SHA1: 84a2ec979cbe6f4db7ca66e1f2b86cc04bf865f6

SHA256: 6eeed22e43d81c3c9c755e66292000f02c92bb2bd8c47829df147f971196e5cb

SSDeep: 49152:1e4P9QbA37C1BXMbEL836qdwk0cQHGiYYSzSY5voVU7zQY1jNQ s8KuqGaX0ToIU:5kArEqdwkLQHHhsSYt8 JBAUZLy

Size: 3485696 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171

Company: no certificate found

Created at: 2013-11-16 10:31:12

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):

%original file name%.exe:668

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:668 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg_1_20150824[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\zwsf2-3[1].gif (1759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\game_bg[1].gif (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\c_1[1].gif (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\checkMobile[1].js (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\o[1].swf (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\CA7ASJVX (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\zrsp_1[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\sy_ico[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zmxy3_20150824[2].css (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\111111111111111111111111111111111111111[1].htm (769 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\u=1136749690,815916792&fm=76[1].jpg (863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\0f0000nHWaDGGJgmd7u1Zs[1].swf (711 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\nav_bg[1].gif (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\tjrm_img09[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\zm_add[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg_6[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\CAG1Y74L.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\more_zb[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\pic[1].gif (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\lazy_iframe[1].js (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\jquery-1.2.1.pack[2].js (1740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\tjrm_img08[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\ftbtn[1].gif (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\wh[1].js (2252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\crossdomain[1].xml (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\logo[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\trace_news[1].js (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zj_btn[1].gif (1 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\CPROID[1].xml (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\flash_ad_version[1].xml (119 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\click[2].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\0f00057I9_MLlocrKCGPLf[1].swf (3659 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\n_zm1[1].png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\bg_7[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\more_boss[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\lmbtn[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zmxy3_20150824[1].css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\petEIconv1450[1].swf (15340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\style[1].css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\libg_1[1].gif (899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\topbg_20140506[1].jpg (4153 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\CACT2DFO.htm&cfv=11&tsr=0&tcn=1441846243&tpr=1441846242796&coa=at=image&rsi0=400&rsi1=300&tn=baidujson_patch (1291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\go_bbs[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\xgjv183[1].swf (295719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\jcsp_1[1].jpg (2246 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (1115 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\1GQ340U13[1].gif (527 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[1].txt (926 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\b_2[1].gif (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\nova_fp[1].htm (114 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (6220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\unilogin_package[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\t_9[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\news_footer[1].js (961 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\tjrm_img011[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\10163ZO2N[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.vip5866[1].txt (1038 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\c[1].swf (547 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\crossdomain[1].xml (331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\FuYun[1].swf (24485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\c[1].php (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\tgbtn[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\t_8[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\0f0000mUMeDPtm1xsKSa96[1].swf (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\CAURWTUV.swf (5872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg_4[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\4399_16125310445[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\CAHCNU7N.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\t_6[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\0f000DTf8hHHd5tgwQ8C8f[1].swf (711 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@4399[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\u=1887182047,2242671149&fm=76[1].jpg (3270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\061051503Y1[1].jpg (4634 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\101634512c8[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\2GJ54T541[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bdshare[1].js (182 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\crossdomain[1].xml (570 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg_5_20130716[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\sp_line_1[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\0f000DEUfr4hniEsJj_ROs[1].swf (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zmxy3_20141010[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\1Q62S330N[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\c[1].js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\logger[1].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\stat[1].php (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\0913524M015[1].gif (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\u=1265655567,1529096812&fm=76[1].jpg (3150 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s8.4399.com\settings.sxx (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\CA638567.htm (5777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\xml[1].xml (680 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\jquery-1.2.1.pack[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\zb_nav_20131205[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\libg_3[1].gif (542 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\tjrm_img06[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\t_1[1].gif (599 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\new5[1].gif (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\desktop.ini (67 bytes)
C:\SkinH_EL.dll (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\click[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\011K053B24[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\b_5[1].gif (317 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\u=1421353108,1764487604&fm=76[1].jpg (5722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\play_hs1202[2].js (4 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\ucenter[1].js (19040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\Commonv1270[1].swf (95193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\libg_2[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\1016395W521[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\bdsstyle[1].css (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zmxy3_20141010[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\u=3117833277,3572889005&fm=76[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\0f000PDTSGXtJ3W50fJSys[1].png (6249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\u=1614745384,2134413757&fm=76[1].jpg (7273 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\ctrl_mo_v5[1].swf (42589 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[2].txt (1521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\right[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg_3[1].gif (1318 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\c[2].js (2637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\c_3[1].gif (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\core[1].php (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\unilogin_package[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\icon_keys[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\flash_ctrl_version[1].xml (530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\4399[1].js (902 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\cdn.comment.4399pk.com\seed4399Value.sxx (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\xgjv183[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\78072[2].htm (4288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\78072[1].htm (5157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\ecom[1].xml (233 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\oXMLStore[1].xml (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\t_lm[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\t_4[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\tjrm_img07[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\t_2[1].gif (1237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\u=590893569,3884611603&fm=76[1].jpg (5748 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\c_4[1].gif (81 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\02104939B23[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\A4399dv_base_main[1].swf (5973 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\n_mg_bg[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\xgjv183[1].htm (1744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\scbg[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\baiduImageRender[1].swf (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\b_4[1].gif (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\more_boss_s[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\o[1].htm (1394 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\b_1[1].gif (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\CAAEB2CL.htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\0f000F_vSMdFWGLTLIlBvs[1].jpg (3609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\4399_10503158122[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\bg_9[1].gif (926 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\faspbtn[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bds_s_v2[1].js (1753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\4399_14294510451[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\baiduPatch[1].swf (810 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.vip5866[2].txt (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\ico_1[1].gif (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\hottop[1].gif (857 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\ico_ann[1].gif (1 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\s8.4399.com\seed4399Value.sxx (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\A4399dv_base[1].swf (1629 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\lb_ico_v1[1].png (652 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\ico[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\gggggggggggggggggggggggggggggggggggggggg[1].htm (769 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\2F952341b8[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\shell_v2[1].js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.comment.4399pk.com\settings.sxx (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\c_2[1].gif (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\headerBg[1].gif (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\ac[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\sszn[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\sc[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\ac[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\bg_8[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\4399[2].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\play_hs1202[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\u=1520398955,2520422704&fm=76[1].jpg (6882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\base[1].css (11713 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\c_5[1].gif (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\is[1].png (1992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\t_3[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\left[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\4399_11234392734[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\new_icon_1[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\logo-noborder-light[1].png (455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\fp[1].htm (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\31114144J08[1].jpg (2628 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\wh[2].js (1520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\crossdomain[2].xml (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\b_3[1].gif (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\core[2].php (764 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\0f000PMN_6_Z09Vbgll5of[1].swf (711 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\chkDomain[1].js (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\t_5[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\MagicWeaponv1240[1].swf (649687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\4399_17485812405[1].jpg (3 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@www.vip5866[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\wh[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\c[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\play_hs1202[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[2].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.comment.4399pk.com\settings.sol (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\xgjv183[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\78072[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\4399[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\jquery-1.2.1.pack[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s8.4399.com\settings.sol (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zmxy3_20141010[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.vip5866[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\unilogin_package[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\click[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\ac[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zmxy3_20150824[1].css (0 bytes)

Registry activity

The process %original file name%.exe:668 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015091020150911]
"CacheOptions" = "11"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015091020150911]
"CacheLimit" = "8192"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015091020150911]
"CachePrefix" = ":2015091020150911:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1A 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1384590672"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015091020150911]
"CacheRepair" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 CF 18 E1 CC 11 98 03 E4 07 D8 AE 21 3E 25 35"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015091020150911]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015091020150911\"

[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1276x846x32(BGR 0)" = "31,31,31,31"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
147127382e001f495d1842ee7a9e7912	c:\SkinH_EL.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg_1_20150824[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\zwsf2-3[1].gif (1759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\game_bg[1].gif (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\c_1[1].gif (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\checkMobile[1].js (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\o[1].swf (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\CA7ASJVX (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\zrsp_1[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\sy_ico[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zmxy3_20150824[2].css (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\111111111111111111111111111111111111111[1].htm (769 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\u=1136749690,815916792&fm=76[1].jpg (863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\0f0000nHWaDGGJgmd7u1Zs[1].swf (711 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\nav_bg[1].gif (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\tjrm_img09[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\zm_add[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg_6[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\CAG1Y74L.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\more_zb[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\pic[1].gif (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\lazy_iframe[1].js (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\jquery-1.2.1.pack[2].js (1740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\tjrm_img08[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\ftbtn[1].gif (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\wh[1].js (2252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\crossdomain[1].xml (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\logo[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\trace_news[1].js (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zj_btn[1].gif (1 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\CPROID[1].xml (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\flash_ad_version[1].xml (119 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\click[2].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\0f00057I9_MLlocrKCGPLf[1].swf (3659 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\n_zm1[1].png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\bg_7[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\more_boss[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\lmbtn[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zmxy3_20150824[1].css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\petEIconv1450[1].swf (15340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\style[1].css (337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\libg_1[1].gif (899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\topbg_20140506[1].jpg (4153 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\CACT2DFO.htm&cfv=11&tsr=0&tcn=1441846243&tpr=1441846242796&coa=at=image&rsi0=400&rsi1=300&tn=baidujson_patch (1291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\go_bbs[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\xgjv183[1].swf (295719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\jcsp_1[1].jpg (2246 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (1115 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\1GQ340U13[1].gif (527 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[1].txt (926 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\b_2[1].gif (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\nova_fp[1].htm (114 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (6220 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\unilogin_package[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\t_9[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\news_footer[1].js (961 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\tjrm_img011[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\10163ZO2N[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.vip5866[1].txt (1038 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\c[1].swf (547 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\crossdomain[1].xml (331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\FuYun[1].swf (24485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\c[1].php (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\tgbtn[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\t_8[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\0f0000mUMeDPtm1xsKSa96[1].swf (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\CAURWTUV.swf (5872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg_4[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\4399_16125310445[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\CAHCNU7N.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\t_6[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\0f000DTf8hHHd5tgwQ8C8f[1].swf (711 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@4399[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\u=1887182047,2242671149&fm=76[1].jpg (3270 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\061051503Y1[1].jpg (4634 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\101634512c8[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\2GJ54T541[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bdshare[1].js (182 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\crossdomain[1].xml (570 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg_5_20130716[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\sp_line_1[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\0f000DEUfr4hniEsJj_ROs[1].swf (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zmxy3_20141010[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\1Q62S330N[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\c[1].js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\logger[1].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\stat[1].php (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\0913524M015[1].gif (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\u=1265655567,1529096812&fm=76[1].jpg (3150 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s8.4399.com\settings.sxx (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\CA638567.htm (5777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\xml[1].xml (680 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\jquery-1.2.1.pack[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\zb_nav_20131205[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\libg_3[1].gif (542 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\tjrm_img06[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\t_1[1].gif (599 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\new5[1].gif (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\desktop.ini (67 bytes)
C:\SkinH_EL.dll (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\click[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\011K053B24[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\b_5[1].gif (317 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\u=1421353108,1764487604&fm=76[1].jpg (5722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\play_hs1202[2].js (4 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\ucenter[1].js (19040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\Commonv1270[1].swf (95193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\libg_2[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\1016395W521[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\bdsstyle[1].css (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\zmxy3_20141010[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\u=3117833277,3572889005&fm=76[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\0f000PDTSGXtJ3W50fJSys[1].png (6249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\u=1614745384,2134413757&fm=76[1].jpg (7273 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\ctrl_mo_v5[1].swf (42589 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[2].txt (1521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\right[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg_3[1].gif (1318 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\c[2].js (2637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\c_3[1].gif (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\core[1].php (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\unilogin_package[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\icon_keys[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\flash_ctrl_version[1].xml (530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\4399[1].js (902 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\cdn.comment.4399pk.com\seed4399Value.sxx (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\xgjv183[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\78072[2].htm (4288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\78072[1].htm (5157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\ecom[1].xml (233 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\oXMLStore[1].xml (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\t_lm[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\t_4[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\tjrm_img07[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\t_2[1].gif (1237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\u=590893569,3884611603&fm=76[1].jpg (5748 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\c_4[1].gif (81 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\02104939B23[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\A4399dv_base_main[1].swf (5973 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\n_mg_bg[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\xgjv183[1].htm (1744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\scbg[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\baiduImageRender[1].swf (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\b_4[1].gif (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\more_boss_s[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\o[1].htm (1394 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\b_1[1].gif (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\CAAEB2CL.htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\0f000F_vSMdFWGLTLIlBvs[1].jpg (3609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\4399_10503158122[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\bg_9[1].gif (926 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\faspbtn[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bds_s_v2[1].js (1753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\4399_14294510451[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\baiduPatch[1].swf (810 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.vip5866[2].txt (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\ico_1[1].gif (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\hottop[1].gif (857 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\ico_ann[1].gif (1 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\s8.4399.com\seed4399Value.sxx (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\A4399dv_base[1].swf (1629 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\lb_ico_v1[1].png (652 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\bg[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\ico[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\gggggggggggggggggggggggggggggggggggggggg[1].htm (769 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\2F952341b8[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\shell_v2[1].js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.comment.4399pk.com\settings.sxx (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\c_2[1].gif (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\headerBg[1].gif (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\ac[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\sszn[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\sc[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\ac[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\bg_8[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\4399[2].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\play_hs1202[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\u=1520398955,2520422704&fm=76[1].jpg (6882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\base[1].css (11713 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\c_5[1].gif (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\is[1].png (1992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IVPM0D6O\t_3[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\left[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\4399_11234392734[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\new_icon_1[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\logo-noborder-light[1].png (455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\fp[1].htm (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\31114144J08[1].jpg (2628 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\wh[2].js (1520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\crossdomain[2].xml (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\b_3[1].gif (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\core[2].php (764 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\0f000PMN_6_Z09Vbgll5of[1].swf (711 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GTAOUJZ3\chkDomain[1].js (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\t_5[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXIZCD23\MagicWeaponv1240[1].swf (649687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KDMZSP6J\4399_17485812405[1].jpg (3 bytes)
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: ??
Product Name: ?????
Product Version: 3.0.9.7
Legal Copyright: ?? ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3.0.9.7
File Description: ?????
Comments: ??????????(http://www.eyuyan.com)
Language: Language Neutral

Company Name: ??Product Name: ?????Product Version: 3.0.9.7Legal Copyright: ?? ????Legal Trademarks: Original Filename: Internal Name: File Version: 3.0.9.7File Description: ?????Comments: ??????????(http://www.eyuyan.com)Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	966656	966656	4.59486	4f9829b0d8f143c2da14ae696b61ed4a
.rdata	970752	2357560	2359296	5.23291	3b0dab475d404b17f6458cb78df43d47
.data	3330048	393482	114688	3.65953	1c25e89336f17eca25c113a44c66619f
.rsrc	3727360	40960	40960	3.89926	17073b281e3cb5671a7a30cb6133927d

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://www.vip5866.net/xiaoyao/111111111111111111111111111111111111111.html	162.218.54.132
hxxp://www.vip5866.net/xiaoyao/111111111111111111111111111111111111111.html?WebShieldDRSessionVerify=E4zdt2CZbuOfpIUMCUJr	162.218.54.132
hxxp://4399hw.xdwscache.ourglb0.com/flash/78072.htm
hxxp://www.vip5866.net/xiaoyao/gggggggggggggggggggggggggggggggggggggggg.html	162.218.54.132
hxxp://e.xdwscache.ourglb0.com/js/checkMobile.js
hxxp://4399hw.xdwscache.ourglb0.com/css/zmxy3_20150824.css
hxxp://4399hw.xdwscache.ourglb0.com/jss/jquery-1.2.1.pack.js
hxxp://4399hw.xdwscache.ourglb0.com/jss/trace_news.js
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy3_20120913/logo.gif
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy3_20120913/bg.gif
hxxp://e.xdwscache.ourglb0.com/uploads/userup/1507/2F952341b8.jpg
hxxp://4399hw.xdwscache.ourglb0.com/moeryongshi/images/headerBg.gif
hxxp://4399hw.xdwscache.ourglb0.com/imageyx/seer2012/hottop.gif
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy3_20120913/go_bbs.gif
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy3_20120913/sc.gif
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy3_20120913/topbg_20140506.jpg
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy3_20120913/game_bg.gif
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy3_20120913/lb_ico_v1.png
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy3_20120913/zj_btn.gif
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy3/zm_add.png
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy2/icon_keys.gif
hxxp://4399hw.xdwscache.ourglb0.com/flashzt/img/zmxy3_20120913/bg_1_20150824.gif
hxxp://other.all.4399yyy.com/4399swf/upload_swf/ftp7/hanbao/20120107/6/xgjv183.htm
hxxp://other.all.4399yyy.com/4399swf/js/chkDomain.js
hxxp://wmjs.wshifen.com/cpro/ui/c.js
hxxp://4399hw.xdwscache.ourglb0.com/resource/css/base.css
hxxp://4399hw.xdwscache.ourglb0.com/resource/ucenter.js
hxxp://4399hw.xdwscache.ourglb0.com/flashUniLogin/css/style.css?v=20121016
hxxp://other.all.4399yyy.com/4399swf/upload_swf/ftp7/hanbao/20120107/6/xgjv183.swf
hxxp://4399hw.xdwscache.ourglb0.com/jss/unilogin_package.js
hxxp://cb.e.shifen.com/acom?di=u2279006&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1441600610&ltu=http://www.4399.com/flash/78072.htm&liu=&ltr=&lcr=&ps=784x-2&psr=1276x846&par=1276x818&pcs=951x668&pss=990x880&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=gb2312&cdo=-1&tsr=266&tlm=1441793824&tcn=1441846230&tpr=1441846229578&dpt=none&coa=&dpr=1&ti=茅