Troj/DwnLd-O

Category: Viruses and Spyware
Protection available since: 20 Sep 2010 11:06:11 (GMT)
Type: Trojan
Last Updated: 20 Sep 2010 11:06:11 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/DwnLd-O include:

Example 1

File Information

Size: 66K
SHA-1: 76810f3e90bc1dacd9a427028c92796632d23685
MD5: ad4bd72396eee97c52daa1dc68039f77
CRC-32: 0e92077d
File type: application/x-ms-dos-executable
First seen: 2010-09-19

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\WPS7750.EXE
  • c:\Documents and Settings\test user\Local Settings\Temp\nsv4.tmp\inetc.dll
DNS Requests
  • online.gou50.cn

Example 2

File Information

Size: 616K
SHA-1: b583f5d34df35e1528efee134824d7345753f452
MD5: 461369c0e6a49906a5adb1fcdb8157b8
CRC-32: fe133b03
File type: application/x-ms-dos-executable
First seen: 2010-09-19

Example 3

File Information

Size: 5.2M
SHA-1: c2c0b7eeca25adaac7ee0604acdfc4bddd03ca8e
MD5: ffed044c99c13d02e9d829b666c2c6ba
CRC-32: 65d39723
File type: application/x-ms-dos-executable
First seen: 2010-09-19

Other vendor detection

Trend: Cryp_Upack

Runtime Analysis

Dropped Files
Modified Files
  • %PROFILE%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    • Changed the file contents
Registry Keys Created
  • HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{1AC0BEBD-4D2B-45AD-BCEB-F2C41C5E3788}
    0
    0,4,,1A45DFA3
  • HKCR\CLSID\{F23B1F18-CB1A-47ED-A1FE-B60494A626D0}\InprocServer32
    ThreadingModel
    Both
  • HKCR\CLSID\{E04A9EB2-3E24-4295-9F6F-621D3F73DC07}
    (Default)
    Koowo ASF Reader
  • HKLM\SOFTWARE\KWMUSIC
    APPEXIT
    1
  • HKCR\PROTOCOLS\Handler\mbox
    CLSID
    {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier
    Guid
    b0278a28-76f1-4e15-b1df-14b209a12613
  • HKCR\CLSID\{E04A9EB2-3E24-4295-9F6F-621D3F73DC07}\InprocServer32
    ThreadingModel
    Both
  • HKCR\Directory\shell\kwplaylist\command
    (Default)
    "C:\Program Files\KWMUSIC\KwMusic.exe" \dirlist "%1"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lrcx
    kwbak
  • HKCR\CLSID\{09571A4B-F1FE-4C60-9760-DE6D310C7C31}\InprocServer32
    (Default)
    C:\Program Files\KWMUSIC\CoreAVC0.ax
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma
    progid
    kwfile_wma
  • HKCR\kwfile_wma\shell\openkw\command
    (Default)
    "C:\Program Files\KWMUSIC\KwMusic.exe" "%1"
  • HKCR\kwfile_wma\shell\playlist\command
    (Default)
    "C:\Program Files\KWMUSIC\KwMusic.exe" \list "%1"
  • HKLM\SOFTWARE\KWMUSIC\UPDATE
    INSTALL_DATE
    0x00003a18
  • HKCR\CLSID\{345CAA15-4F12-4A28-AFE9-383625563A83}\InprocServer32
    ThreadingModel
    Both
  • HKCR\kwfile_mp3\shell\playlist\command
    (Default)
    "C:\Program Files\KWMUSIC\KwMusic.exe" \list "%1"
  • HKCR\mbox
    URL Protocol
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent
    ControlFlags
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KwMusic
    DisplayName
    □□□□□□□□□ 2010
  • HKCR\CLSID\{353D080F-A175-4F86-ADD6-6456673FDB61}\InprocServer32
    ThreadingModel
    Both
  • HKCR\.mp3\OpenWithList\KwMusic.exe
    (Default)
  • HKCR\kwfile_mp3\shell\open\command
    (Default)
    "C:\Program Files\KWMUSIC\KwMusic.exe" "%1"
  • HKCR\CLSID\{09571A4B-F1FE-4C60-9760-DE6D310C7C31}
    (Default)
    CoreAVC Video Decoder
  • HKCR\CLSID\{2917157F-342F-47E0-8EC1-F1CDFCC8F472}\InprocServer32
    ThreadingModel
    Both
  • HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{353D080F-A175-4F86-ADD6-6456673FDB61}
    FriendlyName
    Koowo Matroska Source
  • HKCR\.wma
    kwbak
    WMAFile
  • HKCR\PROTOCOLS\Handler\mboxflash
    CLSID
    {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
  • HKCR\mbox\Shell\open
    (Default)
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr
    Guid
    710adbf0-ce88-40b4-a50d-231ada6593f0
  • HKCR\.ksf
    kwbak
  • HKCR\kwfile_ksf\DefaultIcon
    (Default)
    C:\Program Files\KWMUSIC\face\KuwoPngSkinMaker.ico
  • HKLM\SOFTWARE\Microsoft\Tracing\FWCFG
    EnableConsoleTracing
    0x00000000
  • HKCR\.lrcx
    kwbak
  • HKCR\CLSID\{33C5B493-3D88-4C98-997B-807531664D8E}
    (Default)
    Gen_FP
  • HKLM\SOFTWARE\KWMUSIC\LOGMSG
    AppStart_TIMES
    0x00000001
  • HKCR\mboxflash
    (Default)
    URL:mboxflash Protocol
  • HKCR\kwfile_mp3\shell\openkw
    (Default)
    □□ □□□□□□□□□ □□□□
  • HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{09571A4B-F1FE-4C60-9760-DE6D310C7C31}
    FriendlyName
    CoreAVC Video Decoder
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh
    LogSessionName
    stdout
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3
    kwbak
    mp3file
  • HKCR\mboxflash\Shell\open\command
    (Default)
    "C:\Program Files\KWMUSIC\KwFlashHolder.exe" "%1"
  • HKCR\CLSID\{353D080F-A175-4F86-ADD6-6456673FDB61}
    (Default)
    Koowo Matroska Source
  • HKCR\.mp3
    kwbak
    mp3file
Registry Keys Modified
  • HKCR\.mp3
    (Default)
    kwfile_mp3
  • HKCR\.wma
    (Default)
    kwfile_wma
Processes Created
  • c:\docume~1\support\locals~1\temp\rarsfx0\mbox038.exe
  • c:\windows\system32\netsh.exe
HTTP Requests
  • http://down.kuwo.cn/mbox_data/266v_zip/RecommendZip.zip
  • http://down.kuwo.cn/mbox_data/say_hello/sig_music_3.1.0.4_an0_20100920.txt
  • http://gxh.kuwo.cn/psnrcm.pr
  • http://img1.koowo.com/star/starheads/120/4/80a74b254395e7d786fdc3f68703377_0.jpg
  • http://moreinfo.kuwo.cn/get.minfo
  • http://recommend-zip.kuwo.cn/mbox/zipsig_123.txt
  • http://reg.kuwo.cn/regsvr.auth
  • http://webstat.kuwo.cn/pet.web
IP Connections
DNS Requests