Technical Information
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%ALLUSERSPROFILE%\svchost.exe'
- '%ProgramFiles%\internet explorer\iexplore.exe' "ml xmlns="http://www.w3.org/1999/xhtml"><head><title>???????????????????</title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><script>(function(){ var bp = document....
- %ALLUSERSPROFILE%\svchost.exe
- 'tt##0.com':80
- http://www.tt##0.com/dongtai.php
- http://www.tt##0.com/rurlone.php
- DNS ASK tt##0.com
- ClassName: 'Progman' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'Static' WindowName: ''
- '%ALLUSERSPROFILE%\svchost.exe' <Full path to file>
- '%ALLUSERSPROFILE%\svchost.exe' <Full path to file> (with hidden window)
- '%WINDIR%\syswow64\explorer.exe'