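Technical Information
Note: this listing carries no group headings, so the same path can appear several times. Each repetition presumably belongs to a different behaviour group (for example files created, executed, or deleted) that this copy does not label.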
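- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SVCH0ST' = '' (autorun entry under the Run key; the value name is spelled with the digit 0 rather than the letter O, and the value data is blank in this listing)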
- %PROGRAM_FILES%\Internet Explorer\17.exe
- %PROGRAM_FILES%\Internet Explorer\9.exe
- %PROGRAM_FILES%\Internet Explorer\8.exe
- %PROGRAM_FILES%\Internet Explorer\7.exe
- %PROGRAM_FILES%\Internet Explorer\14.exe
- %PROGRAM_FILES%\Internet Explorer\10.exe
- %PROGRAM_FILES%\Internet Explorer\15.exe
- %PROGRAM_FILES%\Internet Explorer\13.exe
- %PROGRAM_FILES%\Internet Explorer\12.exe
- %PROGRAM_FILES%\Internet Explorer\16.exe
- %PROGRAM_FILES%\Internet Explorer\11.exe
- %PROGRAM_FILES%\Internet Explorer\18.exe
- %PROGRAM_FILES%\Internet Explorer\20.exe
- %PROGRAM_FILES%\Internet Explorer\3.exe
- %PROGRAM_FILES%\Internet Explorer\1.exe
- %PROGRAM_FILES%\Internet Explorer\2.exe
- %PROGRAM_FILES%\Internet Explorer\4.exe
- %PROGRAM_FILES%\Internet Explorer\6.exe
- %PROGRAM_FILES%\Internet Explorer\5.exe
- %PROGRAM_FILES%\Internet Explorer\19.exe
- %PROGRAM_FILES%\Internet Explorer\20.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\14.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\17.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\19.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\16.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\18.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\15.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\4.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\5.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\6.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\1.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\2.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\3.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\7.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\11.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\12.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\13.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\8.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\9.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Internet Explorer\10.exe (downloaded from the Internet)
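- <SYSTEM32>\taskkill.exe /im 360safe.exe /f (forcibly terminates the process named 360safe.exe, which looks like the process name of the 360 security suite)
- <SYSTEM32>\cmd.exe /c <Current directory>\_deleteme.bat (runs a batch file from the sample's current directory; the name suggests clean-up, but its contents are not shown here)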
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\15[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\14[1].exe
- %PROGRAM_FILES%\Internet Explorer\14.exe
- %PROGRAM_FILES%\Internet Explorer\15.exe
- %PROGRAM_FILES%\Internet Explorer\16.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\16[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\15[2].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\14[1].exe
- %PROGRAM_FILES%\Internet Explorer\12.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\12[1].exe
- %PROGRAM_FILES%\Internet Explorer\11.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\12[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\13[1].exe
- %PROGRAM_FILES%\Internet Explorer\13.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\13[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\16[1].exe
- %PROGRAM_FILES%\Internet Explorer\20.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\20[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\19[2].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\20[1].exe
- <Current directory>\_deleteme.bat
- %PROGRAM_FILES%\Internet Explorer\down.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\down[1].exe
- %PROGRAM_FILES%\Internet Explorer\19.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\17[1].exe
- %PROGRAM_FILES%\Internet Explorer\17.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\17[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\18[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\19[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\18[1].exe
- %PROGRAM_FILES%\Internet Explorer\18.exe
- %PROGRAM_FILES%\Internet Explorer\4.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\4[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\3[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\4[2].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\5[1].exe
- %PROGRAM_FILES%\Internet Explorer\5.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\5[1].exe
- %PROGRAM_FILES%\Internet Explorer\3.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\1[1].exe
- %PROGRAM_FILES%\Internet Explorer\1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\2[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\3[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\2[1].exe
- %PROGRAM_FILES%\Internet Explorer\2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\6[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\9[1].exe
- %PROGRAM_FILES%\Internet Explorer\9.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\9[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\10[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\11[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\10[1].exe
- %PROGRAM_FILES%\Internet Explorer\10.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\8[2].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\7[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\6[1].exe
- %PROGRAM_FILES%\Internet Explorer\6.exe
- %PROGRAM_FILES%\Internet Explorer\7.exe
- %PROGRAM_FILES%\Internet Explorer\8.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\8[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\7[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\14[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\15[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\12[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\13[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\16[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\19[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\20[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\17[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\18[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\10[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\3[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\4[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\2[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\5[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\8[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\9[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\6[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\7[1].exe
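- 'www.dx##20.cn':80 (TCP port 80; the '##' in the host name appears to be masking applied by the report, so the host name is incomplete as written here and in the URLs below)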
- 'localhost':1039
- 'localhost':1038
- www.dx##20.cn/down/15.exe
- www.dx##20.cn/down/16.exe
- www.dx##20.cn/down/14.exe
- www.dx##20.cn/down/12.exe
- www.dx##20.cn/down/13.exe
- www.dx##20.cn/down/20.exe
- www.dx##20.cn/down.exe
- www.dx##20.cn/down/19.exe
- www.dx##20.cn/down/17.exe
- www.dx##20.cn/down/18.exe
- www.dx##20.cn/down/11.exe
- www.dx##20.cn/down/4.exe
- www.dx##20.cn/down/5.exe
- www.dx##20.cn/down/3.exe
- www.dx##20.cn/down/1.exe
- www.dx##20.cn/down/2.exe
- www.dx##20.cn/down/9.exe
- www.dx##20.cn/down/10.exe
- www.dx##20.cn/down/8.exe
- www.dx##20.cn/down/6.exe
- www.dx##20.cn/down/7.exe
- DNS ASK www.dx##20.cn (DNS query for the same masked host name)
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar)