Technical Information — behaviour recorded while running the IEMao installer (apparently a browser toolbar: a BHO/toolbar DLL is registered with regsvr32, a Favorites shortcut is created, and a set of search-provider XML files is installed). The listing below groups, in order, registry changes, process command lines, file-system activity (files written, then renamed from installer temporaries to their final names), hosts contacted, URLs requested, DNS queries, and window classes enumerated. Caveats for anyone reusing this as detection content: the `#` runs in host names and URL query strings are redactions applied by the report, not literal characters, and the `is-XXXXX.tmp` / `SE205.tmp` names are per-run installer temporaries, so neither should be used verbatim as indicators; the stable artefacts are the `IEMaoSvc` service, the `%PROGRAM_FILES%\IEMao\` tree, and the `midas.dll` dropped into the system directory.
- [<HKLM>\SYSTEM\ControlSet001\Services\IEMaoSvc] 'Start' = '00000002'  (Start = 2 is SERVICE_AUTO_START: the IEMaoSvc service is configured to launch at every boot, giving the software boot persistence under the SYSTEM account unless the service is removed)
- %PROGRAM_FILES%\IEMao\IEMaoSvc.exe /regserver
- %PROGRAM_FILES%\IEMao\IEMaoSvc.exe INS %TEMP%\SE205.exe
- %PROGRAM_FILES%\IEMao\IEMaoSvc.exe
- %TEMP%\SE205.exe /VERYSILENT /SP-
- %TEMP%\is-NL7KH.tmp\SE205.tmp /SL5="$100EE,1954047,54272,%TEMP%\SE205.exe" /VERYSILENT /SP-  (the `/SL5=` second-stage hand-off, the `_isetup\` helper files and `unins000.exe/.dat` are consistent with an Inno Setup installer; `/VERYSILENT /SP-` suppresses all prompts, so the user sees no installation UI)
- %TEMP%\is-R68LH.tmp\IEMaoSvc.exe U
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\IEMao\IEMaoBar.dll"
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\midas.dll"
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\IEMao\iemao.dll"
- %PROGRAM_FILES%\IEMao\Search\is-HBSGC.tmp
- %PROGRAM_FILES%\IEMao\Search\is-7AP99.tmp
- %PROGRAM_FILES%\IEMao\Search\is-1FLQ3.tmp
- %PROGRAM_FILES%\IEMao\Search\is-GM5OE.tmp
- %PROGRAM_FILES%\IEMao\Search\is-UG0MV.tmp
- %PROGRAM_FILES%\IEMao\Search\is-PH0PA.tmp
- %PROGRAM_FILES%\IEMao\Search\is-IA8C1.tmp
- %PROGRAM_FILES%\IEMao\Search\is-4ENP5.tmp
- %PROGRAM_FILES%\IEMao\Search\is-MPL4M.tmp
- %PROGRAM_FILES%\IEMao\Search\is-J9I2V.tmp
- %PROGRAM_FILES%\IEMao\Search\is-5TLF2.tmp
- %PROGRAM_FILES%\IEMao\Search\is-VOLMS.tmp
- %PROGRAM_FILES%\IEMao\Search\is-BVOF0.tmp
- %PROGRAM_FILES%\IEMao\Search\is-H99T9.tmp
- %PROGRAM_FILES%\IEMao\Search\is-V29LL.tmp
- %PROGRAM_FILES%\IEMao\Search\is-P1UKP.tmp
- %PROGRAM_FILES%\IEMao\Search\is-S7DVL.tmp
- %HOMEPATH%\Favorites\IE猫导航.url  (file name is GBK-encoded Chinese, roughly "IE Mao Navigation"; the original report rendered it as "IEГЁµјєЅ.url" because the bytes were decoded as Windows-1251)
- %PROGRAM_FILES%\IEMao\unins000.dat
- %PROGRAM_FILES%\IEMao\Search\is-MVPO9.tmp
- %PROGRAM_FILES%\IEMao\is-ID7RL.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gg[1].asp
- <SYSTEM32>\5B5B5A5A.fn
- %PROGRAM_FILES%\IEMao\iemao.cg
- %PROGRAM_FILES%\IEMao\Site.ini
- %PROGRAM_FILES%\IEMao\Search\is-43UKF.tmp
- %PROGRAM_FILES%\IEMao\Search\is-R4O57.tmp
- %PROGRAM_FILES%\IEMao\Search\is-EECVI.tmp
- %PROGRAM_FILES%\IEMao\Search\is-HGA78.tmp
- %PROGRAM_FILES%\IEMao\Search\is-CQEO7.tmp
- %PROGRAM_FILES%\IEMao\Search\is-2NHQS.tmp
- %PROGRAM_FILES%\IEMao\Search\is-PU0QO.tmp
- %PROGRAM_FILES%\IEMao\Search\is-SEQ1F.tmp
- %PROGRAM_FILES%\IEMao\Search\is-D7S2B.tmp
- %PROGRAM_FILES%\IEMao\is-LCFE3.tmp
- %PROGRAM_FILES%\IEMao\is-1UE4F.tmp
- %PROGRAM_FILES%\IEMao\is-7CVHV.tmp
- <SYSTEM32>\is-NPKQ9.tmp
- %PROGRAM_FILES%\IEMao\Search\is-CBL4U.tmp
- %PROGRAM_FILES%\IEMao\Search\is-QERTI.tmp
- %PROGRAM_FILES%\IEMao\Search\is-SMFKI.tmp
- %PROGRAM_FILES%\IEMao\Search\is-QE768.tmp
- %PROGRAM_FILES%\IEMao\is-JGEQV.tmp
- %TEMP%\is-NL7KH.tmp\SE205.tmp
- %TEMP%\is-R68LH.tmp\_isetup\_RegDLL.tmp
- %TEMP%\SE205.exe
- %PROGRAM_FILES%\IEMao\is-45KT1.tmp
- %PROGRAM_FILES%\IEMao\is-LTCGQ.tmp
- %TEMP%\is-R68LH.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-R68LH.tmp\IEMaoSvc.exe
- %PROGRAM_FILES%\IEMao\Search\is-R1H1R.tmp
- %PROGRAM_FILES%\IEMao\Search\is-04LJB.tmp
- %PROGRAM_FILES%\IEMao\Search\is-U1K9R.tmp
- %PROGRAM_FILES%\IEMao\Search\is-CSB7V.tmp
- %PROGRAM_FILES%\IEMao\Search\is-U82OO.tmp
- %PROGRAM_FILES%\IEMao\Search\is-JAU8S.tmp
- %PROGRAM_FILES%\IEMao\Search\is-CQPS4.tmp
- %PROGRAM_FILES%\IEMao\Search\is-V2QUC.tmp
- %PROGRAM_FILES%\IEMao\Search\is-5N22M.tmp
- %PROGRAM_FILES%\IEMao\Search\is-P1970.tmp
- %PROGRAM_FILES%\IEMao\Search\is-DB9V0.tmp
- %PROGRAM_FILES%\IEMao\Search\is-RMAL1.tmp
- %PROGRAM_FILES%\IEMao\Search\is-KKSNL.tmp
- %PROGRAM_FILES%\IEMao\Search\is-I01A4.tmp
- %PROGRAM_FILES%\IEMao\Search\is-IUSLG.tmp
- %PROGRAM_FILES%\IEMao\Search\is-CD1F5.tmp
- %PROGRAM_FILES%\IEMao\Search\is-N41P9.tmp
- %TEMP%\is-R68LH.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-NL7KH.tmp\SE205.tmp
- %TEMP%\is-R68LH.tmp\IEMaoSvc.exe
- %TEMP%\is-R68LH.tmp\_isetup\_RegDLL.tmp
- from %PROGRAM_FILES%\IEMao\Search\is-1FLQ3.tmp to %PROGRAM_FILES%\IEMao\Search\soft.zol.xml
- from %PROGRAM_FILES%\IEMao\Search\is-MPL4M.tmp to %PROGRAM_FILES%\IEMao\Search\soft.xunlei.xml
- from %PROGRAM_FILES%\IEMao\Search\is-V29LL.tmp to %PROGRAM_FILES%\IEMao\Search\soft.skycn.xml
- from %PROGRAM_FILES%\IEMao\Search\is-GM5OE.tmp to %PROGRAM_FILES%\IEMao\Search\tieba.baidu.xml
- from %PROGRAM_FILES%\IEMao\Search\is-IA8C1.tmp to %PROGRAM_FILES%\IEMao\Search\video.gougou.xml
- from %PROGRAM_FILES%\IEMao\Search\is-7AP99.tmp to %PROGRAM_FILES%\IEMao\Search\video.google.xml
- from %PROGRAM_FILES%\IEMao\Search\is-HBSGC.tmp to %PROGRAM_FILES%\IEMao\Search\video.baidu.xml
- from %PROGRAM_FILES%\IEMao\Search\is-J9I2V.tmp to %PROGRAM_FILES%\IEMao\Search\shopping.youdao.xml
- from %PROGRAM_FILES%\IEMao\Search\is-BVOF0.tmp to %PROGRAM_FILES%\IEMao\Search\shopping.langlang.xml
- from %PROGRAM_FILES%\IEMao\Search\is-VOLMS.tmp to %PROGRAM_FILES%\IEMao\Search\shopping.google.xml
- from %PROGRAM_FILES%\IEMao\Search\is-5TLF2.tmp to %PROGRAM_FILES%\IEMao\Search\soft.crsky.xml
- from %PROGRAM_FILES%\IEMao\Search\is-H99T9.tmp to %PROGRAM_FILES%\IEMao\Search\soft.sina.xml
- from %PROGRAM_FILES%\IEMao\Search\is-S7DVL.tmp to %PROGRAM_FILES%\IEMao\Search\soft.newhua.xml
- from %PROGRAM_FILES%\IEMao\Search\is-P1UKP.tmp to %PROGRAM_FILES%\IEMao\Search\soft.mydrivers.xml
- from %PROGRAM_FILES%\IEMao\Search\is-2NHQS.tmp to %PROGRAM_FILES%\IEMao\Search\web.google.xml
- from %PROGRAM_FILES%\IEMao\Search\is-D7S2B.tmp to %PROGRAM_FILES%\IEMao\Search\web.baidu.xml
- from %PROGRAM_FILES%\IEMao\Search\is-SEQ1F.tmp to %PROGRAM_FILES%\IEMao\Search\vssver.scc
- from %PROGRAM_FILES%\IEMao\Search\is-PU0QO.tmp to %PROGRAM_FILES%\IEMao\Search\web.sogou.xml
- from %PROGRAM_FILES%\IEMao\is-ID7RL.tmp to %PROGRAM_FILES%\IEMao\Site.ini
- from %PROGRAM_FILES%\IEMao\Search\is-MVPO9.tmp to %PROGRAM_FILES%\IEMao\Search\zhishu.baidu.xml
- from %PROGRAM_FILES%\IEMao\Search\is-43UKF.tmp to %PROGRAM_FILES%\IEMao\Search\web.soso.xml
- from %PROGRAM_FILES%\IEMao\Search\is-PH0PA.tmp to %PROGRAM_FILES%\IEMao\Search\video.sogou.xml
- from %PROGRAM_FILES%\IEMao\Search\is-UG0MV.tmp to %PROGRAM_FILES%\IEMao\Search\video.sina.xml
- from %PROGRAM_FILES%\IEMao\Search\is-4ENP5.tmp to %PROGRAM_FILES%\IEMao\Search\video.ku6.xml
- from %PROGRAM_FILES%\IEMao\Search\is-HGA78.tmp to %PROGRAM_FILES%\IEMao\Search\video.soso.xml
- from %PROGRAM_FILES%\IEMao\Search\is-EECVI.tmp to %PROGRAM_FILES%\IEMao\Search\video.youku.xml
- from %PROGRAM_FILES%\IEMao\Search\is-R4O57.tmp to %PROGRAM_FILES%\IEMao\Search\video.verycd.xml
- from %PROGRAM_FILES%\IEMao\Search\is-CQEO7.tmp to %PROGRAM_FILES%\IEMao\Search\video.tudou.xml
- from %PROGRAM_FILES%\IEMao\Search\is-CBL4U.tmp to %PROGRAM_FILES%\IEMao\Search\dict.baidu.xml
- from %PROGRAM_FILES%\IEMao\Search\is-QE768.tmp to %PROGRAM_FILES%\IEMao\Search\blog.baidu.xml
- from %PROGRAM_FILES%\IEMao\Search\is-SMFKI.tmp to %PROGRAM_FILES%\IEMao\Search\baike.baidu.xml
- from %PROGRAM_FILES%\IEMao\Search\is-QERTI.tmp to %PROGRAM_FILES%\IEMao\Search\dict.engkoo.xml
- from %PROGRAM_FILES%\IEMao\Search\is-P1970.tmp to %PROGRAM_FILES%\IEMao\Search\dict.netat.xml
- from %PROGRAM_FILES%\IEMao\Search\is-KKSNL.tmp to %PROGRAM_FILES%\IEMao\Search\dict.iciba.xml
- from %PROGRAM_FILES%\IEMao\Search\is-RMAL1.tmp to %PROGRAM_FILES%\IEMao\Search\dict.google.xml
- from %PROGRAM_FILES%\IEMao\is-JGEQV.tmp to %PROGRAM_FILES%\IEMao\IEMaoSvc.exe
- from %PROGRAM_FILES%\IEMao\is-LTCGQ.tmp to %PROGRAM_FILES%\IEMao\iemao.dll
- from %PROGRAM_FILES%\IEMao\is-45KT1.tmp to %PROGRAM_FILES%\IEMao\unins000.exe
- from %PROGRAM_FILES%\IEMao\is-7CVHV.tmp to %PROGRAM_FILES%\IEMao\Update.dll
- from %PROGRAM_FILES%\IEMao\is-1UE4F.tmp to %PROGRAM_FILES%\IEMao\Search.xml
- from %PROGRAM_FILES%\IEMao\is-LCFE3.tmp to %PROGRAM_FILES%\IEMao\IEMaoBar.dll
- from <SYSTEM32>\is-NPKQ9.tmp to <SYSTEM32>\midas.dll  (a DLL is written into the system directory and then registered via regsvr32 above; `midas.dll` is the name normally used by the Borland/Delphi DataSnap runtime, so this is likely a bundled runtime rather than a product component, but a system-wide drop outside `%PROGRAM_FILES%\IEMao\` should be verified by hash and would not be removed by a simple directory cleanup)
- from %PROGRAM_FILES%\IEMao\Search\is-04LJB.tmp to %PROGRAM_FILES%\IEMao\Search\shop.redbaby.xml
- from %PROGRAM_FILES%\IEMao\Search\is-R1H1R.tmp to %PROGRAM_FILES%\IEMao\Search\shop.newegg.xml
- from %PROGRAM_FILES%\IEMao\Search\is-CSB7V.tmp to %PROGRAM_FILES%\IEMao\Search\shop.dangdang.xml
- from %PROGRAM_FILES%\IEMao\Search\is-CQPS4.tmp to %PROGRAM_FILES%\IEMao\Search\shop.taobao.xml
- from %PROGRAM_FILES%\IEMao\Search\is-JAU8S.tmp to %PROGRAM_FILES%\IEMao\Search\shopping.beargoo.xml
- from %PROGRAM_FILES%\IEMao\Search\is-U82OO.tmp to %PROGRAM_FILES%\IEMao\Search\shop.zol.xml
- from %PROGRAM_FILES%\IEMao\Search\is-V2QUC.tmp to %PROGRAM_FILES%\IEMao\Search\shop.youdao.xml
- from %PROGRAM_FILES%\IEMao\Search\is-N41P9.tmp to %PROGRAM_FILES%\IEMao\Search\image.baidu.xml
- from %PROGRAM_FILES%\IEMao\Search\is-CD1F5.tmp to %PROGRAM_FILES%\IEMao\Search\faq.baidu.xml
- from %PROGRAM_FILES%\IEMao\Search\is-DB9V0.tmp to %PROGRAM_FILES%\IEMao\Search\dict.youdao.xml
- from %PROGRAM_FILES%\IEMao\Search\is-I01A4.tmp to %PROGRAM_FILES%\IEMao\Search\map.baidu.xml
- from %PROGRAM_FILES%\IEMao\Search\is-U1K9R.tmp to %PROGRAM_FILES%\IEMao\Search\shop.amazon.xml
- from %PROGRAM_FILES%\IEMao\Search\is-5N22M.tmp to %PROGRAM_FILES%\IEMao\Search\shop.360buy.xml
- from %PROGRAM_FILES%\IEMao\Search\is-IUSLG.tmp to %PROGRAM_FILES%\IEMao\Search\music.baidu.xml
- 'co###.iemao.com':80
- 'd.##mao.com':80
- 'localhost':1035
- 'co###.qqkuyou.cn':80
- d.##mao.com/update/iemaover.asp?fa##########
- co###.iemao.com/Count.ashx?ac#####################################################################################################################
- co###.qqkuyou.cn/gg.asp?ke######################################################################################
- DNS ASK je##.wazgr.com
- DNS ASK d.##mao.com
- DNS ASK co###.qqkuyou.cn
- DNS ASK co###.iemao.com
- 'je##.wazgr.com':25345  (connection to a non-standard high port on a host unrelated to the iemao.com/qqkuyou.cn domains used for the HTTP requests above; this report shows no request content for it, so its purpose cannot be determined here and it warrants separate network inspection)
- ClassName: '' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''