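Technical Information
Note: the section headings of the original report are missing from this listing. In order, the entries below are: an autorun value under the Run registry key, executable files and command lines, file-system paths, network endpoints ('host':port), HTTP request URLs, and DNS queries ("DNS ASK"). The '#' characters in host names appear to be masking applied by the publisher, so those names cannot be used as exact-match indicators as printed. The Content.IE5 subfolder names (e.g. 2VAZY7AN) are generated randomly on each system, so match on the file names rather than on the full cache path.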
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '54rk' = ''
- <SYSTEM32>\baiduimhw.exe
- <SYSTEM32>\gamehw.exe
- <SYSTEM32>\Tencenthw.exe
- <SYSTEM32>\baiduimhw.exe (downloaded from the Internet)
- <SYSTEM32>\gamehw.exe (downloaded from the Internet)
- <SYSTEM32>\cmd.exe /c DELETEME.bat
- dnf.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[92]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[91]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[94]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[93]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[90]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[87]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[86]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[89]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[88]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[95]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA45E78D
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAVN2EOL
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA49QNO5
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA2R0DYN
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CACXMR0X
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[97]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[96]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[99]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[98]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[85]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[72]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[71]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[74]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[73]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[70]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[67]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[66]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[69]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[68]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[75]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[82]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[81]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[84]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[83]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[80]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[77]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[76]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[79]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[78]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAP4AFL3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAABYHM5
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAQ9WRM1
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA4X6ZOT
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAHR6F38
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA6VCPG1
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAMZSXMF
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA26YOU9
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA2NSPUB
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA6HM5KP
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAE301IR
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAMP0PU5
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA8EOYHN
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAO5YVKH
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAAMCL8F
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAH0EOUH
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAEW0CEC
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA95AO8W
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAF7G8E3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAES23WO
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA49EPUZ
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA0T2JGT
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAO5JAF1
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA4HUVOD
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA5J3UE5
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA4BZ20P
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA2DY3CO
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CALY6PLS
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAI76TCP
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CADWXTCQ
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAKP8P2P
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CATXUKBX
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA67KPEF
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAWHMZSH
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAYQY3LI
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA83JKOL
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CAE3OHIN
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA1TO94Y
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\CA6BSXQ3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[14]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[13]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[16]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[15]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[12]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[9]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[8]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[11]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[10]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[17]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[24]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[23]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[26]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[25]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[22]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[19]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[18]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[21]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[20]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[7]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ip138[1]
- <SYSTEM32>\gamehw.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ip138[3]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ip138[2]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\tplink27[1].exe
- <SYSTEM32>\Tencenthw.exe
- <SYSTEM32>\cfghw.tmp
- <SYSTEM32>\gametohw.exe
- <SYSTEM32>\e0x2.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ip138[4]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[5]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[4]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[6]
- <Current directory>\DELETEME.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[3]
- <SYSTEM32>\baiduimhw.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\SLAVE27[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[2]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[53]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[52]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[55]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[54]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[51]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[48]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[47]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[50]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[49]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[56]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[63]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[62]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[65]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[64]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[61]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[58]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[57]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[60]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[59]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[46]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[33]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[32]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[35]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[34]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[31]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[28]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[27]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[30]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[29]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[36]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[43]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[42]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[45]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[44]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[41]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[38]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[37]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[40]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ip138[39]
- 'gu#.#qtlf.com':80
- 'www.ip##8.com':80
- 'ge###.webok.net':3721
- 'localhost':1037
- 'localhost':1040
- gu#.#qtlf.com/SLAVE27.exe
- www.ip##8.com/
- gu#.#qtlf.com/tplink27.exe
- DNS ASK gu#.#qtlf.com
- DNS ASK www.ip##8.com
- DNS ASK ok#.#aonmb.com
- DNS ASK ge###.webok.net