Win32.HLLW.Autoruner1.61830

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170445.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170448.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170440.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170442.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170450.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170458.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170500.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170452.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170455.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170438.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170421.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170424.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170416.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170419.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170426.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170433.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170435.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170428.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170431.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170502.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170552.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170555.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170545.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170549.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170557.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170604.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170607.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170600.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170602.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170543.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170521.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170524.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170507.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170518.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170526.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170537.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170540.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170528.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170531.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170246.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170248.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170241.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170243.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170250.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170257.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170300.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170253.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170255.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170238.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170215.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170220.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IE70' = ''
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170211.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170227.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170234.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170236.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170229.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170231.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170302.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170347.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170349.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170342.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170345.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170352.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170412.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170414.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170358.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170407.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170340.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170309.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170313.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170305.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170307.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170321.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170335.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170338.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170324.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WiniDows' = '%WINDIR%\temp\QQ20131029170333.exe'

Creates the following files on removable media:

<Drive name for removable media>:\sos1645.exe
<Drive name for removable media>:\autorun.inf

Malicious functions:

To complicate detection of its presence in the operating system,

forces the system hide from view:

hidden files

Creates and executes the following:

'%WINDIR%\Temp\QQ20131029170445.exe'
'%WINDIR%\Temp\QQ20131029170448.exe'
'%WINDIR%\Temp\QQ20131029170440.exe'
'%WINDIR%\Temp\QQ20131029170442.exe'
'%WINDIR%\Temp\QQ20131029170450.exe'
'%WINDIR%\Temp\QQ20131029170458.exe'
'%WINDIR%\Temp\QQ20131029170500.exe'
'%WINDIR%\Temp\QQ20131029170452.exe'
'%WINDIR%\Temp\QQ20131029170455.exe'
'%WINDIR%\Temp\QQ20131029170438.exe'
'%WINDIR%\Temp\QQ20131029170421.exe'
'%WINDIR%\Temp\QQ20131029170424.exe'
'%WINDIR%\Temp\QQ20131029170416.exe'
'%WINDIR%\Temp\QQ20131029170419.exe'
'%WINDIR%\Temp\QQ20131029170426.exe'
'%WINDIR%\Temp\QQ20131029170433.exe'
'%WINDIR%\Temp\QQ20131029170435.exe'
'%WINDIR%\Temp\QQ20131029170428.exe'
'%WINDIR%\Temp\QQ20131029170431.exe'
'%WINDIR%\Temp\QQ20131029170549.exe'
'%WINDIR%\Temp\QQ20131029170552.exe'
'%WINDIR%\Temp\QQ20131029170543.exe'
'%WINDIR%\Temp\QQ20131029170545.exe'
'%WINDIR%\Temp\QQ20131029170555.exe'
'%WINDIR%\Temp\QQ20131029170602.exe'
'%WINDIR%\Temp\QQ20131029170604.exe'
'%WINDIR%\Temp\QQ20131029170557.exe'
'%WINDIR%\Temp\QQ20131029170600.exe'
'%WINDIR%\Temp\QQ20131029170540.exe'
'%WINDIR%\Temp\QQ20131029170518.exe'
'%WINDIR%\Temp\QQ20131029170521.exe'
'%WINDIR%\Temp\QQ20131029170502.exe'
'%WINDIR%\Temp\QQ20131029170507.exe'
'%WINDIR%\Temp\QQ20131029170524.exe'
'%WINDIR%\Temp\QQ20131029170531.exe'
'%WINDIR%\Temp\QQ20131029170537.exe'
'%WINDIR%\Temp\QQ20131029170526.exe'
'%WINDIR%\Temp\QQ20131029170528.exe'
'%WINDIR%\Temp\QQ20131029170248.exe'
'%WINDIR%\Temp\QQ20131029170250.exe'
'%WINDIR%\Temp\QQ20131029170243.exe'
'%WINDIR%\Temp\QQ20131029170246.exe'
'%WINDIR%\Temp\QQ20131029170253.exe'
'%WINDIR%\Temp\QQ20131029170300.exe'
'%WINDIR%\Temp\QQ20131029170302.exe'
'%WINDIR%\Temp\QQ20131029170255.exe'
'%WINDIR%\Temp\QQ20131029170257.exe'
'%WINDIR%\Temp\QQ20131029170241.exe'
'%WINDIR%\Temp\QQ20131029170220.exe'
'%WINDIR%\Temp\QQ20131029170227.exe'
'%WINDIR%\Temp\QQ20131029170211.exe'
'%WINDIR%\Temp\QQ20131029170215.exe'
'%WINDIR%\Temp\QQ20131029170229.exe'
'%WINDIR%\Temp\QQ20131029170236.exe'
'%WINDIR%\Temp\QQ20131029170238.exe'
'%WINDIR%\Temp\QQ20131029170231.exe'
'%WINDIR%\Temp\QQ20131029170234.exe'
'%WINDIR%\Temp\QQ20131029170347.exe'
'%WINDIR%\Temp\QQ20131029170349.exe'
'%WINDIR%\Temp\QQ20131029170342.exe'
'%WINDIR%\Temp\QQ20131029170345.exe'
'%WINDIR%\Temp\QQ20131029170352.exe'
'%WINDIR%\Temp\QQ20131029170412.exe'
'%WINDIR%\Temp\QQ20131029170414.exe'
'%WINDIR%\Temp\QQ20131029170358.exe'
'%WINDIR%\Temp\QQ20131029170407.exe'
'%WINDIR%\Temp\QQ20131029170340.exe'
'%WINDIR%\Temp\QQ20131029170309.exe'
'%WINDIR%\Temp\QQ20131029170313.exe'
'%WINDIR%\Temp\QQ20131029170305.exe'
'%WINDIR%\Temp\QQ20131029170307.exe'
'%WINDIR%\Temp\QQ20131029170321.exe'
'%WINDIR%\Temp\QQ20131029170335.exe'
'%WINDIR%\Temp\QQ20131029170338.exe'
'%WINDIR%\Temp\QQ20131029170324.exe'
'%WINDIR%\Temp\QQ20131029170333.exe'

Sets a new unauthorized home page for Windows Internet Explorer.

Modifies file system :

Creates the following files:

%WINDIR%\Temp\QQ20131029170445.exe
%WINDIR%\Temp\QQ20131029170448.exe
%WINDIR%\Temp\QQ20131029170440.exe
%WINDIR%\Temp\QQ20131029170442.exe
%WINDIR%\Temp\QQ20131029170450.exe
%WINDIR%\Temp\QQ20131029170458.exe
%WINDIR%\Temp\QQ20131029170500.exe
%WINDIR%\Temp\QQ20131029170452.exe
%WINDIR%\Temp\QQ20131029170455.exe
%WINDIR%\Temp\QQ20131029170438.exe
%WINDIR%\Temp\QQ20131029170421.exe
%WINDIR%\Temp\QQ20131029170424.exe
%WINDIR%\Temp\QQ20131029170416.exe
%WINDIR%\Temp\QQ20131029170419.exe
%WINDIR%\Temp\QQ20131029170426.exe
%WINDIR%\Temp\QQ20131029170433.exe
%WINDIR%\Temp\QQ20131029170435.exe
%WINDIR%\Temp\QQ20131029170428.exe
%WINDIR%\Temp\QQ20131029170431.exe
%WINDIR%\Temp\QQ20131029170502.exe
%WINDIR%\Temp\QQ20131029170552.exe
%WINDIR%\Temp\QQ20131029170555.exe
%WINDIR%\Temp\QQ20131029170545.exe
%WINDIR%\Temp\QQ20131029170549.exe
%WINDIR%\Temp\QQ20131029170557.exe
%WINDIR%\Temp\QQ20131029170604.exe
%WINDIR%\Temp\QQ20131029170607.exe
%WINDIR%\Temp\QQ20131029170600.exe
%WINDIR%\Temp\QQ20131029170602.exe
%WINDIR%\Temp\QQ20131029170543.exe
%WINDIR%\Temp\QQ20131029170521.exe
%WINDIR%\Temp\QQ20131029170524.exe
%WINDIR%\Temp\QQ20131029170507.exe
%WINDIR%\Temp\QQ20131029170518.exe
%WINDIR%\Temp\QQ20131029170526.exe
%WINDIR%\Temp\QQ20131029170537.exe
%WINDIR%\Temp\QQ20131029170540.exe
%WINDIR%\Temp\QQ20131029170528.exe
%WINDIR%\Temp\QQ20131029170531.exe
%WINDIR%\Temp\QQ20131029170414.exe
%WINDIR%\Temp\QQ20131029170243.exe
%WINDIR%\Temp\QQ20131029170246.exe
%WINDIR%\Temp\QQ20131029170238.exe
%WINDIR%\Temp\QQ20131029170241.exe
%WINDIR%\Temp\QQ20131029170248.exe
%WINDIR%\Temp\QQ20131029170255.exe
%WINDIR%\Temp\QQ20131029170257.exe
%WINDIR%\Temp\QQ20131029170250.exe
%WINDIR%\Temp\QQ20131029170253.exe
%WINDIR%\Temp\QQ20131029170236.exe
%WINDIR%\Temp\QQ20131029170211.exe
%WINDIR%\Temp\QQ20131029170215.exe
%WINDIR%\autorun.inf
%WINDIR%\Temp\QQ20131029170220.exe
%WINDIR%\Temp\QQ20131029170231.exe
%WINDIR%\Temp\QQ20131029170234.exe
%WINDIR%\Temp\QQ20131029170227.exe
%WINDIR%\Temp\QQ20131029170229.exe
%WINDIR%\Temp\QQ20131029170300.exe
%WINDIR%\Temp\QQ20131029170345.exe
%WINDIR%\Temp\QQ20131029170347.exe
%WINDIR%\Temp\QQ20131029170340.exe
%WINDIR%\Temp\QQ20131029170342.exe
%WINDIR%\Temp\QQ20131029170349.exe
%WINDIR%\Temp\QQ20131029170407.exe
%WINDIR%\Temp\QQ20131029170412.exe
%WINDIR%\Temp\QQ20131029170352.exe
%WINDIR%\Temp\QQ20131029170358.exe
%WINDIR%\Temp\QQ20131029170338.exe
%WINDIR%\Temp\QQ20131029170307.exe
%WINDIR%\Temp\QQ20131029170309.exe
%WINDIR%\Temp\QQ20131029170302.exe
%WINDIR%\Temp\QQ20131029170305.exe
%WINDIR%\Temp\QQ20131029170313.exe
%WINDIR%\Temp\QQ20131029170333.exe
%WINDIR%\Temp\QQ20131029170335.exe
%WINDIR%\Temp\QQ20131029170321.exe
%WINDIR%\Temp\QQ20131029170324.exe

Sets the 'hidden' attribute to the following files:

<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\sos1645.exe

Deletes the following files:

%WINDIR%\Temp\QQ20131029170445.exe
%TEMP%\~DF4D5F.tmp
%WINDIR%\Temp\QQ20131029170448.exe
%TEMP%\~DF6948.tmp
%WINDIR%\Temp\QQ20131029170442.exe
%TEMP%\~DF15D2.tmp
%WINDIR%\Temp\QQ20131029170438.exe
%TEMP%\~DF3170.tmp
%WINDIR%\Temp\QQ20131029170440.exe
%TEMP%\~DF84FC.tmp
%WINDIR%\Temp\QQ20131029170458.exe
%TEMP%\~DFD869.tmp
%WINDIR%\Temp\QQ20131029170500.exe
%TEMP%\~DFF412.tmp
%WINDIR%\Temp\QQ20131029170455.exe
%TEMP%\~DFA083.tmp
%WINDIR%\Temp\QQ20131029170450.exe
%TEMP%\~DFBC70.tmp
%WINDIR%\Temp\QQ20131029170452.exe
%TEMP%\~DF54D1.tmp
%WINDIR%\Temp\QQ20131029170421.exe
%TEMP%\~DF7063.tmp
%WINDIR%\Temp\QQ20131029170424.exe
%TEMP%\~DF3929.tmp
%WINDIR%\Temp\QQ20131029170416.exe
%TEMP%\~DF20E.tmp
%WINDIR%\Temp\QQ20131029170419.exe
%TEMP%\~DF1DA2.tmp
%WINDIR%\Temp\QQ20131029170426.exe
%TEMP%\~DFDE7B.tmp
%WINDIR%\Temp\QQ20131029170433.exe
%TEMP%\~DFFA60.tmp
%WINDIR%\Temp\QQ20131029170435.exe
%TEMP%\~DFC2F7.tmp
%WINDIR%\Temp\QQ20131029170428.exe
%TEMP%\~DF8BD3.tmp
%WINDIR%\Temp\QQ20131029170431.exe
%TEMP%\~DFA780.tmp
%WINDIR%\Temp\QQ20131029170549.exe
%TEMP%\~DF5E42.tmp
%WINDIR%\Temp\QQ20131029170552.exe
%TEMP%\~DF7A54.tmp
%WINDIR%\Temp\QQ20131029170545.exe
%TEMP%\~DF25DD.tmp
%WINDIR%\Temp\QQ20131029170540.exe
%TEMP%\~DF41BC.tmp
%WINDIR%\Temp\QQ20131029170543.exe
%TEMP%\~DF964E.tmp
%WINDIR%\Temp\QQ20131029170602.exe
%TEMP%\~DFEA98.tmp
%WINDIR%\Temp\QQ20131029170604.exe
%TEMP%\~DF698.tmp
%WINDIR%\Temp\QQ20131029170600.exe
%TEMP%\~DFB26B.tmp
%WINDIR%\Temp\QQ20131029170555.exe
%TEMP%\~DFCE6B.tmp
%WINDIR%\Temp\QQ20131029170557.exe
%TEMP%\~DF61E6.tmp
%WINDIR%\Temp\QQ20131029170518.exe
%TEMP%\~DF7E1F.tmp
%WINDIR%\Temp\QQ20131029170521.exe
%TEMP%\~DF4811.tmp
%WINDIR%\Temp\QQ20131029170502.exe
%TEMP%\~DFFB9.tmp
%WINDIR%\Temp\QQ20131029170507.exe
%TEMP%\~DF2BFD.tmp
%WINDIR%\Temp\QQ20131029170524.exe
%TEMP%\~DFEDEC.tmp
%WINDIR%\Temp\QQ20131029170531.exe
%TEMP%\~DF9B8.tmp
%WINDIR%\Temp\QQ20131029170537.exe
%TEMP%\~DFD198.tmp
%WINDIR%\Temp\QQ20131029170526.exe
%TEMP%\~DF99DF.tmp
%WINDIR%\Temp\QQ20131029170528.exe
%TEMP%\~DFB5AD.tmp
%WINDIR%\Temp\QQ20131029170248.exe
%TEMP%\~DFDFE.tmp
%WINDIR%\Temp\QQ20131029170250.exe
%TEMP%\~DF28F4.tmp
%WINDIR%\Temp\QQ20131029170246.exe
%TEMP%\~DFD7E9.tmp
%WINDIR%\Temp\QQ20131029170241.exe
%TEMP%\~DFF2FC.tmp
%WINDIR%\Temp\QQ20131029170243.exe
%TEMP%\~DF444B.tmp
%WINDIR%\Temp\QQ20131029170300.exe
%TEMP%\~DF9599.tmp
%WINDIR%\Temp\QQ20131029170302.exe
%TEMP%\~DFB0AF.tmp
%WINDIR%\Temp\QQ20131029170257.exe
%TEMP%\~DF5F56.tmp
%WINDIR%\Temp\QQ20131029170253.exe
%TEMP%\~DF7A8A.tmp
%WINDIR%\Temp\QQ20131029170255.exe
%TEMP%\~DF19C3.tmp
%WINDIR%\Temp\QQ20131029170220.exe
%TEMP%\~DF35C7.tmp
%WINDIR%\Temp\QQ20131029170227.exe
%TEMP%\~DFFCD3.tmp
%TEMP%\~DFC4C2.tmp
%WINDIR%\Temp\QQ20131029170211.exe
%WINDIR%\Temp\QQ20131029170215.exe
%TEMP%\~DFDBC0.tmp
%WINDIR%\Temp\QQ20131029170229.exe
%TEMP%\~DFA1F2.tmp
%WINDIR%\Temp\QQ20131029170236.exe
%TEMP%\~DFBCF4.tmp
%WINDIR%\Temp\QQ20131029170238.exe
%TEMP%\~DF86CE.tmp
%WINDIR%\Temp\QQ20131029170231.exe
%TEMP%\~DF50F7.tmp
%WINDIR%\Temp\QQ20131029170234.exe
%TEMP%\~DF6BE0.tmp
%WINDIR%\Temp\QQ20131029170347.exe
%TEMP%\~DF402C.tmp
%WINDIR%\Temp\QQ20131029170349.exe
%TEMP%\~DF5BD3.tmp
%WINDIR%\Temp\QQ20131029170345.exe
%TEMP%\~DF96A.tmp
%WINDIR%\Temp\QQ20131029170340.exe
%TEMP%\~DF24DA.tmp
%WINDIR%\Temp\QQ20131029170342.exe
%TEMP%\~DF7706.tmp
%WINDIR%\Temp\QQ20131029170412.exe
%TEMP%\~DFCB1A.tmp
%WINDIR%\Temp\QQ20131029170414.exe
%TEMP%\~DFE676.tmp
%WINDIR%\Temp\QQ20131029170407.exe
%TEMP%\~DF92EB.tmp
%WINDIR%\Temp\QQ20131029170352.exe
%TEMP%\~DFAF0D.tmp
%WINDIR%\Temp\QQ20131029170358.exe
%TEMP%\~DF4842.tmp
%WINDIR%\Temp\QQ20131029170309.exe
%TEMP%\~DF644F.tmp
%WINDIR%\Temp\QQ20131029170313.exe
%TEMP%\~DF29A6.tmp
%WINDIR%\Temp\QQ20131029170305.exe
%TEMP%\~DFE734.tmp
%WINDIR%\Temp\QQ20131029170307.exe
%TEMP%\~DFE85.tmp
%WINDIR%\Temp\QQ20131029170321.exe
%TEMP%\~DFD2D5.tmp
%WINDIR%\Temp\QQ20131029170335.exe
%TEMP%\~DFEE15.tmp
%WINDIR%\Temp\QQ20131029170338.exe
%TEMP%\~DFB778.tmp
%WINDIR%\Temp\QQ20131029170324.exe
%TEMP%\~DF7FFB.tmp
%WINDIR%\Temp\QQ20131029170333.exe
%TEMP%\~DF9BEB.tmp

Deletes itself.

Miscellaneous:

Searches for the following windows:

ClassName: 'Indicator' WindowName: '(null)'

Technologies

Terminology

Training and education

Myths

Technical Information