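Technical Information
(Note: the category headings of the original report are not present in this listing. In order, the entries are: two registry values for the 'kangle' service ('Start' = 2 is the automatic-start setting), a long run of file-system paths, three "from … to …" path pairs (presumably file moves), window ClassName/WindowName pairs, and process command lines. The action taken on each path — created, modified or deleted — is not stated here, and some paths appear more than once.)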
- [<HKLM>\SYSTEM\ControlSet001\Services\kangle] 'ImagePath' = '%ProgramFiles%\Bangteng\Kangle\bin\kangle.exe --ntsrv'
- [<HKLM>\SYSTEM\ControlSet001\Services\kangle] 'Start' = '00000002'
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-steady2.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-steady3.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-steady1.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-rise3.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-rise4.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\background_new.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\cart128.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\background_game.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-steady4.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\animation_default.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-drop4.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-lowest1.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-drop3.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-drop1.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-drop2.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-rise1.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-rise2.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-lowest4.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-lowest2.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\30\30-lowest3.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\cart16.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\include.preload.js
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\manifest.json
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\include.postload.js
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\popup.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\pop_background.png
- C:\llq\cj\AppData\Roaming\SogouExplorer\commcfg.xml
- C:\llq\cj\AppData\Roaming\SogouExplorer\Extension\com.aifenhui\1.0.0\default-big.png
- C:\llq\cj\AppData\Roaming\Mozilla\Firefox\Profiles\cert8.db
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\popup_new.html
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Preferences
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\goto_icon.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\message.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\category.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\cart32.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\cart48.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\option_icon.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\pleasewait.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\open_background.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\newimage.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\null.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-steady4.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\icon-48.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\taoChong64x64.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\icon-32.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\icon-16.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\icon-19.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\options.html
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\popup.html
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\manifest.json
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\include.postload.js
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\include.preload.js
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-steady3.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-steady4.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-steady2.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-rise4.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-steady1.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\cart48.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\icon-128.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\cart32.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\cart128.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\cart16.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\popup_new.html
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-rise1.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-rise2.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-lowest4.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-lowest2.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-lowest3.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-steady2.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-steady3.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-steady1.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-rise3.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-rise4.png
- C:\llq\cj\AppData\Roaming\360se6\apps\data\users\login.ini
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Bookmarks
- C:\llq\cj\AppData\Roaming\360se6\apps\data\users\default\360sefav.db
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Preferences
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Secure Preferences
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-drop4.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-lowest1.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-drop3.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-drop1.png
- C:\llq\cj\AppData\Roaming\360se6\User Data\Default\Extensions\dobbgecnokkloebjbcnjpgcopegjabpa\43.2.1.1_0\images\16\16-drop2.png
- %WINDIR%\Installer\MSI6.tmp
- C:\Config.Msi\29cb6.rbs
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\29cb5.ipi
- %TEMP%\~DFF7C5.tmp
- %ProgramFiles%\Bangteng\Kangle\bin\autoupdate.exe
- %ProgramFiles%\Bangteng\Kangle\webadmin\kangle.css
- %ProgramFiles%\Bangteng\Kangle\bin\netisapi.dll
- %ProgramFiles%\Bangteng\Kangle\bin\pcre.dll
- %WINDIR%\assembly\tmp\0HLY99G7\netisapi.dll
- C:\sjcmm.php
- C:\y.txt
- C:\index1.html
- C:\hostpd.php
- C:\index.html
- %TEMP%\CFG3.tmp
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\certutil.log
- %WINDIR%\Installer\29cb3.msi
- %ProgramFiles%\Bangteng\Kangle\www\index.html
- %ProgramFiles%\Bangteng\Kangle\bin\extworker.exe
- %ProgramFiles%\Bangteng\Kangle\etc\lang.xml
- %ProgramFiles%\Bangteng\Kangle\bin\ssleay32.dll
- %ProgramFiles%\Bangteng\Kangle\COPYRIGHT.rtf
- %ProgramFiles%\Bangteng\Kangle\webadmin\core.whm
- %TEMP%\~DF9399.tmp
- %ProgramFiles%\Bangteng\Kangle\var\server.log
- %ProgramFiles%\Bangteng\Kangle\var\kangle.pid
- %ProgramFiles%\Bangteng\Kangle\etc\lang_zh.xml
- %WINDIR%\Installer\29cba.msi
- %ProgramFiles%\Bangteng\Kangle\bin\kangle.exe
- %ProgramFiles%\Bangteng\Kangle\bin\zlib1.dll
- %ProgramFiles%\Bangteng\Kangle\bin\sqlite3.dll
- %ProgramFiles%\Bangteng\Kangle\bin\libiconv2.dll
- %ProgramFiles%\Bangteng\Kangle\bin\kasp.dll
- %ProgramFiles%\Bangteng\Kangle\etc\lang_en.xml
- %ProgramFiles%\Bangteng\Kangle\.autoupdate.conf
- %ProgramFiles%\Bangteng\Kangle\bin\webdav.dll
- %ProgramFiles%\Bangteng\Kangle\bin\libeay32.dll
- %ProgramFiles%\Bangteng\Kangle\webadmin\logo.gif
- C:\cai7.php
- C:\llq\cj\Favorites\Links\网址大全.url
- C:\llq\cj\Favorites\一键观看.url
- C:\llq\cj\Favorites\Links\百 度.url
- C:\llq\cj\Favorites\Links\天 猫.url
- C:\llq\cj\Favorites\Links\爱淘宝.url
- C:\llq\cj\Favorites\百 度.url
- C:\llq\cj\Favorites\网址大全.url
- C:\llq\cj\Favorites\爱淘宝.url
- C:\llq\cj\Favorites\京东商城.url
- C:\llq\cj\Favorites\天 猫.url
- C:\llq\cj\AppData\Roaming\SogouExplorer\Extension\com.aifenhui\1.0.0\sgs.js
- C:\llq\cj\AppData\Roaming\SogouExplorer\Extension3.db
- C:\llq\cj\AppData\Roaming\SogouExplorer\Extension\com.aifenhui\1.0.0\sg.js
- C:\llq\cj\AppData\Roaming\SogouExplorer\Extension\com.aifenhui\1.0.0\default.ico
- C:\llq\cj\AppData\Roaming\SogouExplorer\Extension\com.aifenhui\1.0.0\manifest.xml
- C:\llq\cj\Favorites\Links\一键观看.url
- C:\llq\cj\Favorites\Links\京东商城.url
- C:\llq\cj\Favorites\Links\desktop.ini
- C:\llq\cj\AppData\Roaming\SogouExplorer\Extension4.db
- C:\llq\cj\AppData\Roaming\SogouExplorer\favorite3.dat
- C:\llq\cs.htm
- %ProgramFiles% (x86)\Bangteng\Kangle\www\index1.html
- C:\sm\MKD-S61.lnk
- %ProgramFiles% (x86)\Bangteng\Kangle\www\fzkl86.asp
- %ProgramFiles% (x86)\Bangteng\Kangle\ext\tpl_php52\php5ts.dll
- %ProgramFiles% (x86)\Bangteng\Kangle\www\fz.asp
- C:\Youdao\xgb.ico
- C:\cai.php
- C:\Youdao\pf\config.xml
- C:\sm\shuo4.html
- C:\sm\SMD-96.lnk
- %ProgramFiles%\Bangteng\Kangle\www\fz.asp
- %ProgramFiles%\Bangteng\Kangle\www\fzklxp.asp
- %ProgramFiles%\Bangteng\Kangle\etc\config.xml
- C:\llq\server.key
- C:\llq\serverok.crt
- %ProgramFiles% (x86)\Bangteng\Kangle\etc\config.xml
- %ProgramFiles% (x86)\Bangteng\Kangle\ext\tpl_php52\php5isapi.dll
- %ProgramFiles% (x86)\86klepd.php
- %ProgramFiles%\Bangteng\Kangle\www\index1.html
- %ProgramFiles%\klepd.php
- C:\kl\36.txt
- C:\kl\360js.txt
- C:\kj3\xxhos45.bat
- C:\hos\hosts
- C:\kj3\Shortcut.exe
- C:\kl\certutil12.exe
- C:\kl\certutilgl.lnk
- C:\kl\certutil.lnk
- C:\kl\3msistub2.exe
- C:\kl\c2j.bat
- C:\ho\pdssl.asp
- C:\ho\qq78.php
- C:\ho\pdhosts.php
- C:\ho\iexp.php
- C:\ho\llqcj.asp
- C:\ho\tuihst.php
- C:\hos\h357.php
- C:\ho\sgxp.php
- C:\ho\qqxp.php
- C:\ho\sg78.php
- C:\kl\cj.lnk
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\loading.gif
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\logo.png
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\icon48.png
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\icon16.png
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\icon19.png
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\zdm_icon.png
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\zhidemai.png
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\low_price_bottom.png
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\logo3.png
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\lowprice_top.png
- C:\kl\kl318kj.lnk
- C:\kl\klssl.exe
- C:\kl\kkll3180.msi
- C:\kl\cj2.lnk
- C:\kl\cj20.cmd
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\63_18.png
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\images\icon128.png
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Bookmarks
- C:\llq\ca12.cer
- C:\llq\certutil.lnk
- C:\ho\ie78.php
- C:\bfq34\zaixian\19.jpg
- C:\bfq34\zaixian\2.jpg
- C:\bfq34\zaixian\18.jpg
- C:\bfq34\zaixian\16.jpg
- C:\bfq34\zaixian\17.jpg
- C:\bfq34\zaixian\4.jpg
- C:\bfq34\zaixian\5.jpg
- C:\bfq34\zaixian\3.jpg
- C:\bfq34\zaixian\20.jpg
- C:\bfq34\zaixian\21.jpg
- C:\bfq34\zaixian\1.jpg
- C:\bfq34\zaixian\10.jpg
- C:\bfq34\x1a23play.html
- C:\bfq34\cs.htm
- C:\bfq34\index.html
- C:\bfq34\zaixian\14.jpg
- C:\bfq34\zaixian\15.jpg
- C:\bfq34\zaixian\13.jpg
- C:\bfq34\zaixian\11.jpg
- C:\bfq34\zaixian\12.jpg
- C:\bfq34\zaixian\6.jpg
- C:\ho\dakai.php
- C:\ho\dakainr.php
- C:\ho\cj.php
- C:\ho\360jsxp.php
- C:\ho\360xp.php
- C:\ho\gg78.php
- C:\ho\ggxp.php
- C:\ho\gai.php
- C:\ho\desktop.ini
- C:\ho\fz.asp
- C:\bfq34\zaixian\9.jpg
- C:\bfq34\zaixian\style.css
- C:\bfq34\zaixian\8.jpg
- C:\bfq34\zaixian\6538378527.gif
- C:\bfq34\zaixian\7.jpg
- C:\ho\36078.php
- C:\ho\360js78.php
- C:\ho\2345xp.php
- C:\bfq34\zaixian\tulogo.gif
- C:\ho\234578.php
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\bg.html
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-drop1.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Bookmarks
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Preferences
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-lowest1.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-lowest2.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-drop4.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-drop2.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-drop3.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\more_pic.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\sprite.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\logo.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\icon-huihui.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\icon.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\manifest.json
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\popup.html
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\include.preload.js
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\tips_bg.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\include.postload.js
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-lowest3.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-lowest1.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-lowest2.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-drop4.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-drop2.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-drop3.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-rise2.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-rise3.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-rise1.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-lowest3.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-lowest4.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-rise3.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-rise4.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-rise2.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-lowest4.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-rise1.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-steady4.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\30\30-drop1.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-steady3.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-steady1.png
- C:\llq\cj\AppData\Local\Tencent\QQBrowser\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\0_0\images\16\16-steady2.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\icon-32.png
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\541.2.9.6_0\images\icon-32.png
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\541.2.9.6_0\include.postload.js
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\541.2.9.6_0\images\icon-19.png
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\541.2.9.6_0\images\icon-128.png
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\541.2.9.6_0\images\icon-16.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcajlbggkngndkclhoihkflldkaeeohm\4.2.3_0\include.postload.js
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Preferences
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\541.2.9.6_0\include.preload.js
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\541.2.9.6_0\manifest.json
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\js\main.js
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\manifest.json
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\js\lib\jquery-1.11.3.min.js
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\js\background.js
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Extensions\nfbikdkjfjcejddbdcpbafnclkfdhijd\851.24.22\js\lib\highcharts.js
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\541.2.9.6_0\images\discount.png
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\541.2.9.6_0\images\discount_hover.png
- C:\llq\cj\AppData\Local\360Chrome\Chrome\User Data\Default\Bookmarks
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\PreferencesV2
- C:\llq\cj\AppData\Local\2345Explorer\User Data\Default\Secure Preferences
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcajlbggkngndkclhoihkflldkaeeohm\4.2.3_0\include.preload.js
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\glyphicons-halflings-white.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\help.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\feedback_hover.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\discount_hover.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\feedback.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\icon-16.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\icon-19.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\icon-128.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\help_hover.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\huihuigwzs_sp.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\3.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\4.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\2.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcajlbggkngndkclhoihkflldkaeeohm\4.2.3_0\manifest.json
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\1.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\banner-item.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\discount.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\80-80.jpg
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\5.png
- C:\llq\cj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjkicjidmohhfcjjlahfppkdblibkkb\14.21.0_0\images\6.png
- C:\Config.Msi\29cb8.rbf
- C:\llq\cj\Favorites\Links\desktop.ini
- C:\ho\desktop.ini
- C:\Config.Msi\29cb9.rbf
- C:\Config.Msi\29cb8.rbf
- C:\Config.Msi\29cb6.rbs
- %WINDIR%\Installer\29cb5.ipi
- %WINDIR%\Installer\29cb3.msi
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI5.tmp
- C:\Config.Msi\29cb7.rbf
- %WINDIR%\Installer\MSI6.tmp
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.21022.8.cat to C:\Config.Msi\29cb9.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375.cat to C:\Config.Msi\29cb7.rbf
- from %ProgramFiles%\Bangteng\Kangle\etc\config.xml to C:\Config.Msi\29cb8.rbf
- %ProgramFiles%\Bangteng\Kangle\etc\config.xml
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- '%ProgramFiles%\Bangteng\Kangle\bin\kangle.exe' --ntsrv
- '%ProgramFiles%\Bangteng\Kangle\bin\kangle.exe' "--shutdown" "12644" "--active" "12640" "--notice" "12636" "--worker_index" "0" "--ppid" "3260"
- 'C:\kl\certutil12.exe' -addstore -enterprise "root" C:\llq\ca12.cer
- '%ProgramFiles%\Bangteng\Kangle\bin\kangle.exe' --install
- '<SYSTEM32>\cmd.exe' /c ""C:\kl\cj20.cmd" "
- '<SYSTEM32>\mshta.exe' vbscript:createobject("wscript.shell").run("""C:\kl\cj20.cmd"" h",0)(window.close)
- '<SYSTEM32>\cacls.exe' <DRIVERS>\etc\hosts /p everyone:f
- '<SYSTEM32>\msiexec.exe' /i C:\kl\kkll3180.msi /qn
- '<SYSTEM32>\ping.exe' -n 2 localhost
- '<SYSTEM32>\msiexec.exe' -Embedding 91ADA4855E0024B2275C5624A5DBDC12
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\cmd.exe' /c ""C:\kl\cj20.cmd" h"
- '<SYSTEM32>\cmd.exe' /c ""C:\kj3\xxhos45.bat" "
- '<SYSTEM32>\mshta.exe' vbscript:createobject("wscript.shell").run("""C:\kj3\xxhos45.bat"" h",0)(window.close)
- '<SYSTEM32>\cmd.exe' /c ""C:\kl\c2j.bat" "
- '<SYSTEM32>\mshta.exe' vbscript:createobject("wscript.shell").run("""C:\kl\c2j.bat"" h",0)(window.close)
- '<SYSTEM32>\attrib.exe' "%ProgramFiles% (x86)\Bangteng\Kangle\etc\config.xml" -h +r
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' C:\bfq34\x1a23play.html
- '<SYSTEM32>\cmd.exe' /c ""C:\kl\c2j.bat" h"
- '<SYSTEM32>\cmd.exe' /c ""C:\kj3\xxhos45.bat" h"