Gen:Variant.FakeAlert.96 (B) (Emsisoft), Gen:Variant.FakeAlert.96 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 00956e5276f734217091682b0990d39d
SHA1: 48f18fb8b0e57770c05e38abce663225b44bcbc7
SHA256: 17f9a6563e58032f3be5ee1dbba9dc8837b342d72c818c2b9ebda435f75ba86f
SSDeep: 98304:5F86/qjqdwkLQHHhsSYt815zc1WiJvJBAUZL1c:Y1csKSOTJV6
Size: 3768320 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: no certificate found
Created at: 2014-06-09 03:59:16
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan-PSW. Trojan program intended for stealing users passwords.
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):
%original file name%.exe:668
Mutexes
The following mutexes were created/opened:
SHIMLIB_LOG_MUTEX{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}ShimCacheMutex746bbf3569adEncrypt
File activity
The process %original file name%.exe:668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\A4399dv_base[1].swf (5584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\faspbtn[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\bg_1[1].gif (791 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\ico_ann[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\logo[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\hottop[1].gif (857 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\icon_keys[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\b_2[1].gif (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\t_1[1].gif (599 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\1GQ340U13[1].gif (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\zwsf2-3[1].gif (1352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\v134main[1].swf (331219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\c_5[1].gif (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\libg_2[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\MagicWeaponv1240[1].swf (210540 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\jquery-1.2.1.pack[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\bg_9[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\stat[1].php (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\0f000QECn8mWOOje4W2f30[1].swf (810 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\ctrl_mo_v5[1].swf (39156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\t_9[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\crossdomain[1].xml (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\stat[1].php (1163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\4399_14504425052[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\lazy_iframe[1].js (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\sy_ico[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\4399_17564382760[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\libg_1[1].gif (899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\zrsp_1[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\121055423955[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\t_3[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\0f000ZtbOwy2j0IrKBdl36[1].jpg (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\zmxy3_20130916[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\go_bbs[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\v134main[1].htm (923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\stat[2].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\sszn[1].gif (2 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\game_bg[1].gif (776 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\bg_3[1].gif (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\bg[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\n_zm1[1].png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\ucenter[1].js (14244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\click[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\tjrm_img09[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\bds_s_v2[1].js (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\1016440UA2[1].jpg (1855 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\t_lm[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\tgbtn[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\bg_5_20130716[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\more_boss[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\play_hs1202[2].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\101639333L6[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\t_4[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\base[1].css (9771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\bg_7[1].png (6 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@163[1].txt (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\lmbtn[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\ftbtn[1].gif (477 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@4399[1].txt (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\4399[2].js (2 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\78072[1].htm (3238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\logger[1].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\uijs[1].php (1541 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\core[2].php (752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\crossdomain[2].xml (331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\zb_nav_20131205[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\b_4[1].gif (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\jquery-1.2.1.pack[1].js (1740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\4399_17053265645[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\new5[1].gif (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\4399[1].js (902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\c_2[1].gif (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\t_2[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\1016395W521[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\1Q62S330N[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\zmxy3_20130916[2].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\core[1].php (752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\more_boss_s[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\ecom[1].xml (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\headerBg[1].gif (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\flash_ctrl_version[1].xml (530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\4399_16460972266[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\tjrm_img06[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\play_hs1202[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\t_6[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\0f0000I41e4oSte6MNwG4s[1].jpg (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\251424335C5[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\CAUZGLEZ.htm (1 bytes)
C:\SkinH_EL.dll (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\10163ZO2N[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\is[1].png (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\ico_1[1].gif (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\bg_8[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\baiduLoader_as3[1].swf (2515 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\style[2].css (4 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[1].txt (925 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\c_4[1].gif (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\0f000Q1BFocx-cEB3jw0J0[1].swf (5492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\xml[1].xml (664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\jcsp_1[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[2].txt (1518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\tjrm_img011[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\sp_line_1[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\topbg_20140506[1].jpg (4510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\ico[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\231502413S2[1].gif (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\trace_news[1].js (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\scbg[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\chkDomain[1].js (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\style[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\online_v3[1].htm (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\nav_bg[1].gif (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\bg_4[1].png (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\c_3[1].gif (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\b_5[1].gif (317 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\0f000Q1BFJ3x-cEB3jw0M0[1].jpg (4427 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\bg_6[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\c[1].php (952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\b_1[1].gif (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\0913524M015[1].gif (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\c_1[1].gif (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\t_5[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\FuYun[1].swf (22194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\rq[1].htm (347 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\crossdomain[1].xml (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\CALK4Z5D.swf (5230 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s8.4399.com\settings.sxx (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\zj_btn[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\0f000QECn83WOOje4W2fl0[1].swf (1218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\101634512c8[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\t_8[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.wh0512[1].txt (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\0109292I2U[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\core[1].php (751 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\tjrm_img08[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\zmxy3_20140808[2].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\bdshare[1].js (182 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\s8.4399.com\seed4399Value.sxx (80 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@163[2].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\b_3[1].gif (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\left[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\tjrm_img07[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\right[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\libg_3[1].gif (542 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\zmxy3_20140808[1].css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\shell_v2[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\4399_14533870073[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\0f000QumSmNHL3kKP0qi86[1].swf (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\78072[1].htm (3936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\0f0000I41e4oSte6MNwG4s[1].jpg (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\n_mg_bg[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\pic[1].gif (719 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cb.baidu[1].txt (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\uijs[1].xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\more_zb[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\0f000Q1BFoCx-cEB3jw0C0[1].swf (1654 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\bdsstyle[1].css (9 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\0f000Q1BFJcx-cEB3jw0h0[1].jpg (3805 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\sc[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\new_icon_1[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\news_footer[1].js (25 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040820140409\index.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@163[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\4399[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\jquery-1.2.1.pack[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\78072[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\play_hs1202[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\zmxy3_20140808[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040820140409 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\style[1].css (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\uijs[1].php (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\zmxy3_20130916[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@163[1].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s8.4399.com\settings.sol (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\0f0000I41e4oSte6MNwG4s[1].jpg (0 bytes)
Registry activity
The process %original file name%.exe:668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014090420140905]
"CacheOptions" = "11"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"
[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "%original file name%.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014090420140905]
"CacheLimit" = "8192"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014090420140905]
"CachePrefix" = ":2014090420140905:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1402275556"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014090420140905]
"CacheRepair" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 D9 DC 51 B2 37 18 F9 EE F3 6D 9C 1D D0 6F EB"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014090420140905]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014090420140905\"
[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1276x846x32(BGR 0)" = "31,31,31,31"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040820140409]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
| MD5 | File path |
|---|---|
| 147127382e001f495d1842ee7a9e7912 | c:\SkinH_EL.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\A4399dv_base[1].swf (5584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\faspbtn[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\bg_1[1].gif (791 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\ico_ann[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\logo[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\hottop[1].gif (857 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\icon_keys[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\b_2[1].gif (250 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\t_1[1].gif (599 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\1GQ340U13[1].gif (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\zwsf2-3[1].gif (1352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\v134main[1].swf (331219 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\c_5[1].gif (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\libg_2[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\MagicWeaponv1240[1].swf (210540 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\jquery-1.2.1.pack[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\bg_9[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\stat[1].php (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\0f000QECn8mWOOje4W2f30[1].swf (810 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\ctrl_mo_v5[1].swf (39156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\t_9[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\crossdomain[1].xml (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\stat[1].php (1163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\4399_14504425052[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\lazy_iframe[1].js (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\sy_ico[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\4399_17564382760[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\libg_1[1].gif (899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\zrsp_1[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\121055423955[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\t_3[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\0f000ZtbOwy2j0IrKBdl36[1].jpg (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\zmxy3_20130916[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\go_bbs[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\v134main[1].htm (923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\stat[2].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\sszn[1].gif (2 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\game_bg[1].gif (776 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\bg_3[1].gif (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\bg[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\n_zm1[1].png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\ucenter[1].js (14244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\click[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\tjrm_img09[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\bds_s_v2[1].js (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\1016440UA2[1].jpg (1855 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\t_lm[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\tgbtn[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\bg_5_20130716[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\more_boss[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\play_hs1202[2].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\101639333L6[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\t_4[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\base[1].css (9771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\bg_7[1].png (6 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@163[1].txt (338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\lmbtn[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\ftbtn[1].gif (477 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@4399[1].txt (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\4399[2].js (2 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\78072[1].htm (3238 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\logger[1].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\uijs[1].php (1541 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\core[2].php (752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\crossdomain[2].xml (331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\zb_nav_20131205[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\b_4[1].gif (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\jquery-1.2.1.pack[1].js (1740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\4399_17053265645[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\new5[1].gif (177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\4399[1].js (902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\c_2[1].gif (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\t_2[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\1016395W521[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\1Q62S330N[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\zmxy3_20130916[2].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\core[1].php (752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\more_boss_s[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\ecom[1].xml (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\headerBg[1].gif (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\flash_ctrl_version[1].xml (530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\4399_16460972266[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\tjrm_img06[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\play_hs1202[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\t_6[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\0f0000I41e4oSte6MNwG4s[1].jpg (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\251424335C5[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\CAUZGLEZ.htm (1 bytes)
C:\SkinH_EL.dll (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\10163ZO2N[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\is[1].png (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\ico_1[1].gif (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\bg_8[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\baiduLoader_as3[1].swf (2515 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\style[2].css (4 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[1].txt (925 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\c_4[1].gif (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\0f000Q1BFocx-cEB3jw0J0[1].swf (5492 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\xml[1].xml (664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\jcsp_1[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.4399[2].txt (1518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\tjrm_img011[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\sp_line_1[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\topbg_20140506[1].jpg (4510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\ico[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\231502413S2[1].gif (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\trace_news[1].js (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\scbg[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\chkDomain[1].js (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\style[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\online_v3[1].htm (821 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\nav_bg[1].gif (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\bg_4[1].png (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\c_3[1].gif (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\b_5[1].gif (317 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\0f000Q1BFJ3x-cEB3jw0M0[1].jpg (4427 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\bg_6[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\c[1].php (952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\b_1[1].gif (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\0913524M015[1].gif (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\c_1[1].gif (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\t_5[1].gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\FuYun[1].swf (22194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\rq[1].htm (347 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\crossdomain[1].xml (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\CALK4Z5D.swf (5230 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s8.4399.com\settings.sxx (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\zj_btn[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\0f000QECn83WOOje4W2fl0[1].swf (1218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\101634512c8[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\t_8[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.wh0512[1].txt (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\0109292I2U[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\core[1].php (751 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\tjrm_img08[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\zmxy3_20140808[2].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\bdshare[1].js (182 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\s8.4399.com\seed4399Value.sxx (80 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@163[2].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\b_3[1].gif (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\left[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\tjrm_img07[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\right[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\libg_3[1].gif (542 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\zmxy3_20140808[1].css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\shell_v2[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\4399_14533870073[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\0f000QumSmNHL3kKP0qi86[1].swf (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\78072[1].htm (3936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\0f0000I41e4oSte6MNwG4s[1].jpg (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\n_mg_bg[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\8KDGBQOV\pic[1].gif (719 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cb.baidu[1].txt (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\uijs[1].xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\more_zb[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\0f000Q1BFoCx-cEB3jw0C0[1].swf (1654 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\bdsstyle[1].css (9 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CLWUK2JU\0f000Q1BFJcx-cEB3jw0h0[1].jpg (3805 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\26GZG3A1\sc[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\new_icon_1[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XUIVPI8O\news_footer[1].js (25 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 1114983 | 1118208 | 4.52644 | 34166dc576f9b51ee736fc794c0093ce |
| .rdata | 1122304 | 2429544 | 2433024 | 5.21334 | a712d98ae2378a8e1cbfe31d4466f296 |
| .data | 3555328 | 337898 | 110592 | 3.52425 | f25d1694e7c76974c6d85650a5c145c8 |
| .rsrc | 3895296 | 76857 | 40960 | 3.65216 | dd72cb88f69f3512bfe7524f9e63db74 |
| .rmnet | 3973120 | 61440 | 61440 | 0.388197 | 656925b1066bbbfef83c6554670147c5 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://203.130.61.17/css/zmxy3_20140808.css | |
| hxxp://203.130.61.17/jss/jquery-1.2.1.pack.js | |
| hxxp://z5.cnzz.com/stat.htm?id=5815340&r=&lg=en-us&ntime=none&cnzz_eid=1722835169-1409794067-&showp=1276x846&t=&h=1&rnd=1856641077 | 42.156.140.18 |
| hxxp://c.split.cnzz.com/core.php?web_id=5815340&show=line&online=1&t=z | |
| hxxp://123.58.180.119/blog/static/215741063201301204752584/ | |
| hxxp://203.130.61.17/jss/trace_news.js | |
| hxxp://online.cnzz.com/online/online_v3.php?id=5815340&h=z5.cnzz.com&on=1&s=line | 42.156.162.15 |
| hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=851777303 | |
| hxxp://203.130.61.17/flashzt/img/zmxy3_20120913/logo.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/bg.gif | |
| hxxp://pcookie.split.cnzz.com/app.gif?&cna=Gq6ODEoRhRUCASU5EL0s8UhE | |
| hxxp://e.xdwscache.glb0.lxdns.com/moeryongshi/images/headerBg.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/go_bbs.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1406/231502413S2.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1309/121055423955.gif | |
| hxxp://download023.rdb.cnc.ccgslb.net/4399swf/upload_swf/ftp7/hanbao/20120107/6/v134main.htm | |
| hxxp://e.xdwscache.glb0.lxdns.com/upload_pic/2014/8/7/4399_17564382760.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/upload_pic/2014/6/6/4399_14533870073.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/upload_pic/2014/2/12/4399_14504425052.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/upload_pic/2012/tjyx/tjrm_img08.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/sc.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/upload_pic/2014/6/6/4399_16460972266.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/upload_pic/2012/tjyx/tjrm_img07.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/imageyx/seer2012/hottop.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1405/101634512c8.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1405/10163ZO2N.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/topbg_20140506.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/zj_btn.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1405/101639333L6.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1405/1016395W521.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/game_bg.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/bg_1.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1408/251424335C5.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1408/0109292I2U.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/c_1.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/bg_5_20130716.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1405/1016440UA2.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1404/0913524M015.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/bg_6.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/libg_1.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/upload_pic/2012/tjyx/tjrm_img06.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/new5.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy2/icon_keys.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/t_1.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1302/1Q62S330N.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/uploads/userup/1209/1GQ340U13.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3/n_zm1.png | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3/bg_3.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/bg_4.png | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/b_1.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/left.gif | |
| hxxp://download023.rdb.cnc.ccgslb.net/4399swf/js/chkDomain.js | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/sszn.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/nav_bg.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/scbg.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3/bg_7.png | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3/n_mg_bg.png | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/lmbtn.png | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/c_2.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/tgbtn.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/upload_pic/2012/tjyx/tjrm_img011.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/upload_pic/2013/5/27/4399_17053265645.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/ico_1.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/ftbtn.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/c_3.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/faspbtn.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/more_boss.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/more_boss_s.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/bg_8.png | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/more_zb.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/upload_pic/2012/tjyx/tjrm_img09.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/libg_2.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/bg_9.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/ico_ann.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/c_4.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/t_lm.png | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/t_5.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/t_6.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3/jcsp_1.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3/sp_line_1.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/c_5.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/t_9.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3/zb_nav_20131205.png | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/libg_3.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/jss/lazy_iframe.js | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/right.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/t_2.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/b_2.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/t_3.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/b_3.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/t_4.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/b_4.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3/new_icon_1.png | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3/zrsp_1.jpg | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/b_5.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/t_8.png | |
| hxxp://e.xdwscache.glb0.lxdns.com/jss/news_footer.js | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/newaobidao/ico.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/js/bdshare.js?t=844 | |
| hxxp://e.xdwscache.glb0.lxdns.com/jss/zmxy3_20130916.js?v=1 | |
| hxxp://e.xdwscache.glb0.lxdns.com/resource/ucenter.js?20130513 | |
| hxxp://e.xdwscache.glb0.lxdns.com/resource/css/base.css | |
| hxxp://cc00063.h.cnc.ccgslb.net/flashUniLogin/css/style.css?v=20121016 | |
| hxxp://bae.jomodns.com/static/js/shell_v2.js?t=4 | |
| hxxp://download023.rdb.cnc.ccgslb.net/4399swf/upload_swf/ftp7/hanbao/20120107/6/v134main.swf | |
| hxxp://bae.jomodns.com/static/js/logger.js?cdnversion=391610 | |
| hxxp://bae.jomodns.com/static/js/bds_s_v2.js?cdnversion=391610 | |
| hxxp://bae.jomodns.com/static/css/bdsstyle.css?cdnversion=20131219 | |
| hxxp://bae.jomodns.com/static/images/is.png?cdnversion=20131219 | |
| hxxp://e.xdwscache.glb0.lxdns.com/flashzt/img/zmxy3_20120913/sy_ico.gif | |
| hxxp://e.xdwscache.glb0.lxdns.com/jss/play_hs1202.js | |
| hxxp://e.xdwscache.glb0.lxdns.com/jss/4399.js | |
| hxxp://4399stat.5054399.com/js/click.js | 115.182.52.78 |
| hxxp://stat.d.4399api.net/crossdomain.xml | |
| hxxp://stat.d.4399api.net/flash_ctrl_version.xml?ran=38740.6537309289 | |
| hxxp://tauruscz.danuoyi.tbcache.com/c.php?id=30039538 | |
| hxxp://c.split.cnzz.com/core.php?web_id=30039538&t=q | |
| hxxp://c.split.cnzz.com/stat.php?id=4073713&web_id=4073713&show=pic | |
| hxxp://q7.cnzz.com/stat.htm?id=30039538&r=&lg=en-us&ntime=none&cnzz_eid=805688180-1409790831-&showp=1276x846&t=undefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefined...&h=1&rnd=2086695384 | |
| hxxp://c.split.cnzz.com/core.php?web_id=4073713&show=pic&t=z | |
| hxxp://e.xdwscache.glb0.lxdns.com/crossdomain.xml | |
| hxxp://z3.cnzz.com/stat.htm?id=4073713&r=&lg=en-us&ntime=none&cnzz_eid=916211647-1409794086-&showp=1276x846&t=undefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefined...&h=1&rnd=485620972 | |
| hxxp://e.xdwscache.glb0.lxdns.com/control/zwsf2-3.gif?20120719 | |
| hxxp://icon.cnzz.com/img/pic.gif | 42.156.162.7 |
| hxxp://e.xdwscache.glb0.lxdns.com/control/A4399dv_base.swf?20130625 | |
| hxxp://stat.d.4399api.net/xml.php?ran=3799.88020285964&gameid=100015389&url=http://s8.4399.com/4399swf/upload_swf/ftp7/hanbao/20120107/6/v134main.htm | |
| hxxp://static.n.shifen.com/v.gif?pid=307&type=3071&sc=1980,4739,1276,818&desturl=&apitype=1&linkid=hznf0pbl823&velo_load=1735&velo_cssload=1016&velo_jsLoad=1000&cite_uid=480925&cite_type=1&cite_mini=1 | |
| hxxp://cb.e.shifen.com/crossdomain.xml | |
| hxxp://cb.e.shifen.com/ecom?di=62872&tm=BAIDU_CLB_XML&asp_url=4399.com&return_type=1&ran=810.5809288099408 | |
| hxxp://cpro.e.shifen.com/cpro/ui/baiduLoader_as3.swf | |
| hxxp://cpro.e.shifen.com/cpro/ui/uijs.php?at=6&fv=11&ch=417&ie=1&q=www4399com_tp_cpr&n=1&k=茅虏艙猫艩卤&f=猫驴鈥∶β宦っ |