Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '360safe' = '%ALLUSERSPROFILE%\svchost.exe'
- C:\list.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bang[1].txt
- %ALLUSERSPROFILE%\svchost.exe
- C:\list.txt
- 'www.kc##2.com':80
- www.kc##2.com/wm/feng/bang.txt
- www.kc##2.com/wm/feng/tj/Count.asp?ve####################################
- DNS ASK www.kc##2.com
- '<Private IP address>':1035
- ClassName: 'SysListView32' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: '#32770' WindowName: 'Windows ??????????'