Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = 'services.exe'
- [<HKLM>\SOFTWARE\Classes\XSEFile\Shell\Open\Command] '' = ''
- %TEMP%\7a.exe
- %TEMP%\hmen.exe
- %TEMP%\browser.exe
- %TEMP%\is-JTPA7.tmp\browser.tmp /SL5="$200DE,932318,67072,%TEMP%\browser.exe"
- %TEMP%\is-O0KR6.tmp\7a.tmp /SL5="$200E8,65238,54272,%TEMP%\7a.exe"
- C:\8009.exe
- C:\xiaohudui.exe
- C:\8009.exe sj.c
- %TEMP%\xiaohudui.exe
- %TEMP%\yingzi.exe
- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\taskkill.exe /f /im ekrn.exe
- <SYSTEM32>\taskkill.exe /f /im egui.exe
- <SYSTEM32>\rundll32.exe
- <SYSTEM32>\net.exe stop sharedaccess
- <SYSTEM32>\wscript.exe "%HOMEPATH%\Templates\Sec360.jse"
- ekrn.exe
- 360tray.exe
- %PROGRAM_FILES%\browser\Skin\Default\is-TDL28.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-OBJLO.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-HPA9C.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-SBKP0.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-IFTEO.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-O5RAK.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-O0241.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-QKQJ5.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-IDP31.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-2FN6R.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-OSB2E.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-MQMLL.tmp
- %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-9NTQH.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-7HRI5.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-4PU6G.tmp
- %PROGRAM_FILES%\browser\Plugin\Translate\is-AOOEH.tmp
- %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-87FPC.tmp
- %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-O8MQS.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-FL1EB.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-BFC1N.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-B5OIN.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-G8P3C.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-0IC82.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-9RJ4N.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-ACE7I.tmp
- %PROGRAM_FILES%\browser\User\is-R6585.tmp
- %PROGRAM_FILES%\browser\User\is-0OTB1.tmp
- %PROGRAM_FILES%\browser\User\is-A9EAH.tmp
- %PROGRAM_FILES%\browser\User\is-58MG8.tmp
- %PROGRAM_FILES%\browser\User\is-ML45K.tmp
- %PROGRAM_FILES%\browser\User\is-FUBAR.tmp
- %PROGRAM_FILES%\browser\unins000.dat
- %TEMP%\~4b3f1.tmp
- %TEMP%\~4b400.tmp
- %PROGRAM_FILES%\browser\User\is-RJ5UB.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\browser\browser.lnk
- %ALLUSERSPROFILE%\Desktop\安全浏览器.lnk
- %PROGRAM_FILES%\browser\Skin\Default\is-NKAE5.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-7QQ4D.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-05SJ1.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-DCF8F.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-Q0H0A.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-H3GNO.tmp
- %PROGRAM_FILES%\browser\User\is-9OS43.tmp
- %PROGRAM_FILES%\browser\User\is-34N0J.tmp
- %PROGRAM_FILES%\browser\User\is-6LJ8E.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-5PKOB.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-9EH06.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-66N9K.tmp
- %PROGRAM_FILES%\browser\Plugin\Translate\is-SNK6D.tmp
- %TEMP%\is-4PPMR.tmp\tt.ico
- %PROGRAM_FILES%\NetMeeting\tt.ico
- %TEMP%\is-4PPMR.tmp\Sec360.jse
- %TEMP%\is-4PPMR.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-GP29T.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-GP29T.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\browser\is-E1HDG.tmp
- %PROGRAM_FILES%\browser\is-IN3OS.tmp
- %PROGRAM_FILES%\browser\is-N66G4.tmp
- %HOMEPATH%\Templates\Sec360.jse
- %PROGRAM_FILES%\browser\is-13KA5.tmp
- %PROGRAM_FILES%\browser\is-M2DML.tmp
- %TEMP%\xiaohudui.exe
- %TEMP%\hmen.exe
- %TEMP%\browser.exe
- C:\xiaohudui.exe
- C:\8009.exe
- %TEMP%\yingzi.exe
- %TEMP%\is-O0KR6.tmp\7a.tmp
- %TEMP%\is-JTPA7.tmp\browser.tmp
- %TEMP%\is-4PPMR.tmp\_isetup\_RegDLL.tmp
- %TEMP%\~4159a.t
- %TEMP%\7a.exe
- %TEMP%\~42aab.t
- %PROGRAM_FILES%\browser\Language\is-O7URH.tmp
- %PROGRAM_FILES%\browser\Plugin\SnapShot\is-RG70R.tmp
- %PROGRAM_FILES%\browser\Plugin\TipPassword\is-BDKFB.tmp
- %PROGRAM_FILES%\browser\Plugin\TipPassword\is-K69D5.tmp
- %PROGRAM_FILES%\browser\Plugin\SnapShot\is-TAROT.tmp
- %PROGRAM_FILES%\browser\Plugin\SnapShot\is-RC0DT.tmp
- %PROGRAM_FILES%\browser\Plugin\SnapShot\is-KA256.tmp
- %PROGRAM_FILES%\browser\Plugin\Tools\is-1PRR4.tmp
- %PROGRAM_FILES%\browser\Plugin\Tools\is-8MODA.tmp
- %PROGRAM_FILES%\browser\Plugin\Translate\is-PQO7E.tmp
- %PROGRAM_FILES%\browser\Plugin\TipPassword\is-OQICF.tmp
- %PROGRAM_FILES%\browser\Plugin\Tools\is-QF8SB.tmp
- %PROGRAM_FILES%\browser\Plugin\Tools\is-7UHBU.tmp
- %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-71Q08.tmp
- %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-A5NJD.tmp
- %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-26E4G.tmp
- %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-8VM8S.tmp
- %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-BT7GR.tmp
- %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-S0IIS.tmp
- %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-U85QJ.tmp
- %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-JS89L.tmp
- %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-FATG5.tmp
- %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-C4JG4.tmp
- %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-5UTPH.tmp
- %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-2B6KR.tmp
- %TEMP%\~4159a.t
- %TEMP%\is-O0KR6.tmp\7a.tmp
- %PROGRAM_FILES%\browser\JJBrowser.exe
- %TEMP%\is-JTPA7.tmp\browser.tmp
- %TEMP%\is-GP29T.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-GP29T.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-4PPMR.tmp\tt.ico
- %TEMP%\is-4PPMR.tmp\Sec360.jse
- C:\xiaohudui.exe
- %TEMP%\~42aab.t
- %TEMP%\is-4PPMR.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-4PPMR.tmp\_isetup\_RegDLL.tmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-2FN6R.tmp to %PROGRAM_FILES%\browser\Skin\Default\MainTool16.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-OSB2E.tmp to %PROGRAM_FILES%\browser\Skin\Default\MainTool24.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-OBJLO.tmp to %PROGRAM_FILES%\browser\Skin\Default\left.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-HPA9C.tmp to %PROGRAM_FILES%\browser\Skin\Default\MainMenu.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-MQMLL.tmp to %PROGRAM_FILES%\browser\Skin\Default\MainToolGray16.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-IDP31.tmp to %PROGRAM_FILES%\browser\Skin\Default\SearchBar.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-ACE7I.tmp to %PROGRAM_FILES%\browser\Skin\Default\Skin.ini
- from %PROGRAM_FILES%\browser\Skin\Default\is-O0241.tmp to %PROGRAM_FILES%\browser\Skin\Default\MainToolGray24.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-QKQJ5.tmp to %PROGRAM_FILES%\browser\Skin\Default\right.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-FL1EB.tmp to %PROGRAM_FILES%\browser\Skin\Default\biaoti.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-BFC1N.tmp to %PROGRAM_FILES%\browser\Skin\Default\Border.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-0IC82.tmp to %PROGRAM_FILES%\browser\Skin\Default\BackGround.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-9RJ4N.tmp to %PROGRAM_FILES%\browser\Skin\Default\biaoqian.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-B5OIN.tmp to %PROGRAM_FILES%\browser\Skin\Default\ce.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-O5RAK.tmp to %PROGRAM_FILES%\browser\Skin\Default\Go.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-TDL28.tmp to %PROGRAM_FILES%\browser\Skin\Default\gongju.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-SBKP0.tmp to %PROGRAM_FILES%\browser\Skin\Default\dibian.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-IFTEO.tmp to %PROGRAM_FILES%\browser\Skin\Default\FavBar.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-DCF8F.tmp to %PROGRAM_FILES%\browser\Skin\Default\StatusTool.bmp
- from %PROGRAM_FILES%\browser\User\is-58MG8.tmp to %PROGRAM_FILES%\browser\User\DownManager.ini
- from %PROGRAM_FILES%\browser\User\is-ML45K.tmp to %PROGRAM_FILES%\browser\User\Filter.ini
- from %PROGRAM_FILES%\browser\User\is-34N0J.tmp to %PROGRAM_FILES%\browser\User\baidu.ico
- from %PROGRAM_FILES%\browser\User\is-6LJ8E.tmp to %PROGRAM_FILES%\browser\User\CollectorOutput.txt
- from %PROGRAM_FILES%\browser\User\is-FUBAR.tmp to %PROGRAM_FILES%\browser\User\JJBrowser.ini
- from %PROGRAM_FILES%\browser\User\is-A9EAH.tmp to %PROGRAM_FILES%\browser\User\SearchEngine.ini
- from %PROGRAM_FILES%\browser\User\is-RJ5UB.tmp to %PROGRAM_FILES%\browser\User\taobao.ico
- from %PROGRAM_FILES%\browser\User\is-R6585.tmp to %PROGRAM_FILES%\browser\User\LastClose.ini
- from %PROGRAM_FILES%\browser\User\is-0OTB1.tmp to %PROGRAM_FILES%\browser\User\LastVisit.ini
- from %PROGRAM_FILES%\browser\Skin\Default\is-NKAE5.tmp to %PROGRAM_FILES%\browser\Skin\Default\TabNew.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-7QQ4D.tmp to %PROGRAM_FILES%\browser\Skin\Default\TabNewActive.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-Q0H0A.tmp to %PROGRAM_FILES%\browser\Skin\Default\SysBtn.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-H3GNO.tmp to %PROGRAM_FILES%\browser\Skin\Default\TabActive.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-05SJ1.tmp to %PROGRAM_FILES%\browser\Skin\Default\TabNormal.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-66N9K.tmp to %PROGRAM_FILES%\browser\Skin\Default\zhuangtai.bmp
- from %PROGRAM_FILES%\browser\User\is-9OS43.tmp to %PROGRAM_FILES%\browser\User\ad.html
- from %PROGRAM_FILES%\browser\Skin\Default\is-5PKOB.tmp to %PROGRAM_FILES%\browser\Skin\Default\TaskBar.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-9EH06.tmp to %PROGRAM_FILES%\browser\Skin\Default\top.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-G8P3C.tmp to %PROGRAM_FILES%\browser\Skin\Default\AddressRight.bmp
- from %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-26E4G.tmp to %PROGRAM_FILES%\browser\Plugin\MouseUnlock\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-C4JG4.tmp to %PROGRAM_FILES%\browser\Plugin\PageZoomMore\icon.ico
- from %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-71Q08.tmp to %PROGRAM_FILES%\browser\Plugin\MouseUnlock\MouseUnlock.htm
- from %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-A5NJD.tmp to %PROGRAM_FILES%\browser\Plugin\MouseUnlock\MouseUnlock.ico
- from %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-5UTPH.tmp to %PROGRAM_FILES%\browser\Plugin\PageZoomMore\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-JS89L.tmp to %PROGRAM_FILES%\browser\Plugin\ShowPassword\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-FATG5.tmp to %PROGRAM_FILES%\browser\Plugin\ShowPassword\script.htm
- from %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-2B6KR.tmp to %PROGRAM_FILES%\browser\Plugin\PageZoomMore\script.htm
- from %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-U85QJ.tmp to %PROGRAM_FILES%\browser\Plugin\ShowPassword\password.ico
- from %PROGRAM_FILES%\browser\is-E1HDG.tmp to %PROGRAM_FILES%\browser\JJBrowser.exe
- from %PROGRAM_FILES%\browser\is-IN3OS.tmp to %PROGRAM_FILES%\browser\update.info
- from %PROGRAM_FILES%\browser\is-13KA5.tmp to %PROGRAM_FILES%\browser\unins000.exe
- from %PROGRAM_FILES%\browser\is-M2DML.tmp to %PROGRAM_FILES%\browser\JJBrowser.exe
- from %PROGRAM_FILES%\browser\is-N66G4.tmp to %PROGRAM_FILES%\browser\Updater.ini
- from %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-BT7GR.tmp to %PROGRAM_FILES%\browser\Plugin\LiquidLayout\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-S0IIS.tmp to %PROGRAM_FILES%\browser\Plugin\LiquidLayout\script.htm
- from %PROGRAM_FILES%\browser\Language\is-O7URH.tmp to %PROGRAM_FILES%\browser\Language\ChineseGB.ini
- from %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-8VM8S.tmp to %PROGRAM_FILES%\browser\Plugin\LiquidLayout\icon.ico
- from %PROGRAM_FILES%\browser\Plugin\SnapShot\is-TAROT.tmp to %PROGRAM_FILES%\browser\Plugin\SnapShot\CameraDll.dll
- from %PROGRAM_FILES%\browser\Plugin\Translate\is-SNK6D.tmp to %PROGRAM_FILES%\browser\Plugin\Translate\translate.htm
- from %PROGRAM_FILES%\browser\Plugin\Translate\is-AOOEH.tmp to %PROGRAM_FILES%\browser\Plugin\Translate\translate.ico
- from %PROGRAM_FILES%\browser\Plugin\Tools\is-8MODA.tmp to %PROGRAM_FILES%\browser\Plugin\Tools\QuickTools.ini
- from %PROGRAM_FILES%\browser\Plugin\Translate\is-PQO7E.tmp to %PROGRAM_FILES%\browser\Plugin\Translate\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-87FPC.tmp to %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\MouseUnlock.htm
- from %PROGRAM_FILES%\browser\Skin\Default\is-7HRI5.tmp to %PROGRAM_FILES%\browser\Skin\Default\AddressLeft.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-4PU6G.tmp to %PROGRAM_FILES%\browser\Skin\Default\AddressMid.bmp
- from %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-O8MQS.tmp to %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\MouseUnlock.ico
- from %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-9NTQH.tmp to %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\SnapShot\is-RG70R.tmp to %PROGRAM_FILES%\browser\Plugin\SnapShot\SnapShot.exe
- from %PROGRAM_FILES%\browser\Plugin\TipPassword\is-BDKFB.tmp to %PROGRAM_FILES%\browser\Plugin\TipPassword\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\SnapShot\is-RC0DT.tmp to %PROGRAM_FILES%\browser\Plugin\SnapShot\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\SnapShot\is-KA256.tmp to %PROGRAM_FILES%\browser\Plugin\SnapShot\setting.ini
- from %PROGRAM_FILES%\browser\Plugin\TipPassword\is-K69D5.tmp to %PROGRAM_FILES%\browser\Plugin\TipPassword\script.htm
- from %PROGRAM_FILES%\browser\Plugin\Tools\is-7UHBU.tmp to %PROGRAM_FILES%\browser\Plugin\Tools\QuickProcess.exe
- from %PROGRAM_FILES%\browser\Plugin\Tools\is-1PRR4.tmp to %PROGRAM_FILES%\browser\Plugin\Tools\QuickTools.exe
- from %PROGRAM_FILES%\browser\Plugin\TipPassword\is-OQICF.tmp to %PROGRAM_FILES%\browser\Plugin\TipPassword\TipPassword.ico
- from %PROGRAM_FILES%\browser\Plugin\Tools\is-QF8SB.tmp to %PROGRAM_FILES%\browser\Plugin\Tools\QuickMute.exe
- 'li##.cuwqh.cn':6668
- 'vi#.#jiai.cn':80
- vi#.#jiai.cn/admin/count.php?id################
- vi#.#jiai.cn/admin/count.php?id##################################################################################################################
- DNS ASK li##.cuwqh.cn
- DNS ASK vi#.#jiai.cn
- ClassName: 'ToolbarWindow32' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'SysPager' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''