Technical Information
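- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = 'services.exe'
  (Note: an Image File Execution Options 'Debugger' value makes Windows start the named program in place of the target image, so this entry keeps avp.exe, the Kaspersky anti-virus process, from launching normally.)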
- [<HKLM>\SOFTWARE\Classes\XSEFile\Shell\Open\Command] '' = ''
- %TEMP%\is-GA4PD.tmp\7a.tmp /SL5="$100E4,65238,54272,%TEMP%\7a.exe"
- %TEMP%\is-BBD87.tmp\browser.tmp /SL5="$100E6,932318,67072,%TEMP%\browser.exe"
- %TEMP%\browser.exe
- %TEMP%\hmen.exe
- %TEMP%\7a.exe
- <SYSTEM32>\wscript.exe "%HOMEPATH%\Templates\Sec360.jse"
- <SYSTEM32>\rundll32.exe
- 360tray.exe
- %PROGRAM_FILES%\browser\Skin\Default\is-2NAJK.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-LDC60.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-CEIV0.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-VR8HN.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-PGM1N.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-E2KQ7.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-8MDM3.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-2J3IU.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-CP4HC.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-EGBOF.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-371E3.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-05KK5.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-AV2J9.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-SUKFB.tmp
- %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-QHJ8N.tmp
- %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-FCF3P.tmp
- %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-SUG32.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-MOFVS.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-N0GCR.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-RLS7M.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-5MU7N.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-1IC7R.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-4BUPV.tmp
- %PROGRAM_FILES%\browser\User\is-VAVQM.tmp
- %PROGRAM_FILES%\browser\User\is-R2F3L.tmp
- %PROGRAM_FILES%\browser\User\is-CH0OU.tmp
- %PROGRAM_FILES%\browser\User\is-G1L55.tmp
- %PROGRAM_FILES%\browser\User\is-PE598.tmp
- %PROGRAM_FILES%\browser\User\is-IC7HN.tmp
- %ALLUSERSPROFILE%\Desktop\安全浏览器.lnk
- %PROGRAM_FILES%\browser\unins000.dat
- %ALLUSERSPROFILE%\Start Menu\Programs\browser\browser.lnk
- %PROGRAM_FILES%\browser\User\is-7C5U9.tmp
- %PROGRAM_FILES%\browser\User\is-15QS9.tmp
- %PROGRAM_FILES%\browser\User\is-QHD7G.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-R2F13.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-FGAV3.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-H2CP4.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-D31TB.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-TNLKJ.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-CNI4C.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-DQ19G.tmp
- %PROGRAM_FILES%\browser\User\is-8APNK.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-E9VL4.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-GS7B2.tmp
- %PROGRAM_FILES%\browser\Skin\Default\is-1AG9M.tmp
- %PROGRAM_FILES%\browser\Plugin\Translate\is-3I5IC.tmp
- %PROGRAM_FILES%\browser\is-0B732.tmp
- %PROGRAM_FILES%\browser\is-TKP7G.tmp
- %TEMP%\~351df.t
- %TEMP%\is-1TOU7.tmp\Sec360.jse
- %HOMEPATH%\Templates\Sec360.jse
- %PROGRAM_FILES%\browser\is-INN6U.tmp
- %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-2NMJF.tmp
- %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-PPDRV.tmp
- %PROGRAM_FILES%\browser\Language\is-M4KQ7.tmp
- %PROGRAM_FILES%\browser\is-9N5ID.tmp
- %PROGRAM_FILES%\browser\is-AUFJ0.tmp
- %PROGRAM_FILES%\NetMeeting\tt.ico
- %TEMP%\~34470.t
- %TEMP%\is-GA4PD.tmp\7a.tmp
- %TEMP%\7a.exe
- %TEMP%\hmen.exe
- %TEMP%\browser.exe
- %TEMP%\is-BBD87.tmp\browser.tmp
- %TEMP%\is-B9DGK.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-1TOU7.tmp\tt.ico
- %TEMP%\is-B9DGK.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-1TOU7.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-1TOU7.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\browser\Plugin\TipPassword\is-H97UR.tmp
- %PROGRAM_FILES%\browser\Plugin\TipPassword\is-ICC44.tmp
- %PROGRAM_FILES%\browser\Plugin\TipPassword\is-EELO1.tmp
- %PROGRAM_FILES%\browser\Plugin\SnapShot\is-P4FAH.tmp
- %PROGRAM_FILES%\browser\Plugin\SnapShot\is-T1GRT.tmp
- %PROGRAM_FILES%\browser\Plugin\Tools\is-MUMEQ.tmp
- %PROGRAM_FILES%\browser\Plugin\Translate\is-P9T2K.tmp
- %PROGRAM_FILES%\browser\Plugin\Translate\is-HSN7H.tmp
- %PROGRAM_FILES%\browser\Plugin\Tools\is-DD8K9.tmp
- %PROGRAM_FILES%\browser\Plugin\Tools\is-IVTLI.tmp
- %PROGRAM_FILES%\browser\Plugin\Tools\is-HRBDF.tmp
- %PROGRAM_FILES%\browser\Plugin\SnapShot\is-8PH4N.tmp
- %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-7HNR1.tmp
- %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-SUSS4.tmp
- %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-EN1QL.tmp
- %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-20HPP.tmp
- %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-ANRF1.tmp
- %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-GEGTP.tmp
- %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-0KO25.tmp
- %PROGRAM_FILES%\browser\Plugin\SnapShot\is-LL287.tmp
- %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-75CIP.tmp
- %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-N63JB.tmp
- %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-30H1C.tmp
- %TEMP%\~34470.t
- %TEMP%\~351df.t
- %TEMP%\is-B9DGK.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-BBD87.tmp\browser.tmp
- %TEMP%\is-B9DGK.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-GA4PD.tmp\7a.tmp
- %TEMP%\is-1TOU7.tmp\tt.ico
- %TEMP%\is-1TOU7.tmp\Sec360.jse
- %TEMP%\is-1TOU7.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\browser\JJBrowser.exe
- %TEMP%\is-1TOU7.tmp\_isetup\_shfoldr.dll
- from %PROGRAM_FILES%\browser\Skin\Default\is-E2KQ7.tmp to %PROGRAM_FILES%\browser\Skin\Default\MainTool16.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-EGBOF.tmp to %PROGRAM_FILES%\browser\Skin\Default\MainTool24.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-2NAJK.tmp to %PROGRAM_FILES%\browser\Skin\Default\left.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-LDC60.tmp to %PROGRAM_FILES%\browser\Skin\Default\MainMenu.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-371E3.tmp to %PROGRAM_FILES%\browser\Skin\Default\MainToolGray16.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-2J3IU.tmp to %PROGRAM_FILES%\browser\Skin\Default\SearchBar.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-D31TB.tmp to %PROGRAM_FILES%\browser\Skin\Default\Skin.ini
- from %PROGRAM_FILES%\browser\Skin\Default\is-CP4HC.tmp to %PROGRAM_FILES%\browser\Skin\Default\MainToolGray24.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-8MDM3.tmp to %PROGRAM_FILES%\browser\Skin\Default\right.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-5MU7N.tmp to %PROGRAM_FILES%\browser\Skin\Default\biaoti.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-N0GCR.tmp to %PROGRAM_FILES%\browser\Skin\Default\Border.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-1IC7R.tmp to %PROGRAM_FILES%\browser\Skin\Default\BackGround.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-4BUPV.tmp to %PROGRAM_FILES%\browser\Skin\Default\biaoqian.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-RLS7M.tmp to %PROGRAM_FILES%\browser\Skin\Default\ce.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-PGM1N.tmp to %PROGRAM_FILES%\browser\Skin\Default\Go.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-CEIV0.tmp to %PROGRAM_FILES%\browser\Skin\Default\gongju.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-05KK5.tmp to %PROGRAM_FILES%\browser\Skin\Default\dibian.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-VR8HN.tmp to %PROGRAM_FILES%\browser\Skin\Default\FavBar.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-TNLKJ.tmp to %PROGRAM_FILES%\browser\Skin\Default\StatusTool.bmp
- from %PROGRAM_FILES%\browser\User\is-PE598.tmp to %PROGRAM_FILES%\browser\User\DownManager.ini
- from %PROGRAM_FILES%\browser\User\is-CH0OU.tmp to %PROGRAM_FILES%\browser\User\Filter.ini
- from %PROGRAM_FILES%\browser\User\is-QHD7G.tmp to %PROGRAM_FILES%\browser\User\baidu.ico
- from %PROGRAM_FILES%\browser\User\is-G1L55.tmp to %PROGRAM_FILES%\browser\User\CollectorOutput.txt
- from %PROGRAM_FILES%\browser\User\is-VAVQM.tmp to %PROGRAM_FILES%\browser\User\JJBrowser.ini
- from %PROGRAM_FILES%\browser\User\is-7C5U9.tmp to %PROGRAM_FILES%\browser\User\SearchEngine.ini
- from %PROGRAM_FILES%\browser\User\is-15QS9.tmp to %PROGRAM_FILES%\browser\User\taobao.ico
- from %PROGRAM_FILES%\browser\User\is-R2F3L.tmp to %PROGRAM_FILES%\browser\User\LastClose.ini
- from %PROGRAM_FILES%\browser\User\is-IC7HN.tmp to %PROGRAM_FILES%\browser\User\LastVisit.ini
- from %PROGRAM_FILES%\browser\Skin\Default\is-FGAV3.tmp to %PROGRAM_FILES%\browser\Skin\Default\TabNew.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-CNI4C.tmp to %PROGRAM_FILES%\browser\Skin\Default\TabNewActive.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-H2CP4.tmp to %PROGRAM_FILES%\browser\Skin\Default\SysBtn.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-R2F13.tmp to %PROGRAM_FILES%\browser\Skin\Default\TabActive.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-GS7B2.tmp to %PROGRAM_FILES%\browser\Skin\Default\TabNormal.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-DQ19G.tmp to %PROGRAM_FILES%\browser\Skin\Default\zhuangtai.bmp
- from %PROGRAM_FILES%\browser\User\is-8APNK.tmp to %PROGRAM_FILES%\browser\User\ad.html
- from %PROGRAM_FILES%\browser\Skin\Default\is-1AG9M.tmp to %PROGRAM_FILES%\browser\Skin\Default\TaskBar.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-E9VL4.tmp to %PROGRAM_FILES%\browser\Skin\Default\top.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-MOFVS.tmp to %PROGRAM_FILES%\browser\Skin\Default\AddressRight.bmp
- from %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-7HNR1.tmp to %PROGRAM_FILES%\browser\Plugin\MouseUnlock\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-SUSS4.tmp to %PROGRAM_FILES%\browser\Plugin\PageZoomMore\icon.ico
- from %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-ANRF1.tmp to %PROGRAM_FILES%\browser\Plugin\MouseUnlock\MouseUnlock.htm
- from %PROGRAM_FILES%\browser\Plugin\MouseUnlock\is-EN1QL.tmp to %PROGRAM_FILES%\browser\Plugin\MouseUnlock\MouseUnlock.ico
- from %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-GEGTP.tmp to %PROGRAM_FILES%\browser\Plugin\PageZoomMore\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-75CIP.tmp to %PROGRAM_FILES%\browser\Plugin\ShowPassword\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-0KO25.tmp to %PROGRAM_FILES%\browser\Plugin\ShowPassword\script.htm
- from %PROGRAM_FILES%\browser\Plugin\PageZoomMore\is-N63JB.tmp to %PROGRAM_FILES%\browser\Plugin\PageZoomMore\script.htm
- from %PROGRAM_FILES%\browser\Plugin\ShowPassword\is-30H1C.tmp to %PROGRAM_FILES%\browser\Plugin\ShowPassword\password.ico
- from %PROGRAM_FILES%\browser\is-INN6U.tmp to %PROGRAM_FILES%\browser\JJBrowser.exe
- from %PROGRAM_FILES%\browser\is-9N5ID.tmp to %PROGRAM_FILES%\browser\update.info
- from %PROGRAM_FILES%\browser\is-0B732.tmp to %PROGRAM_FILES%\browser\unins000.exe
- from %PROGRAM_FILES%\browser\is-TKP7G.tmp to %PROGRAM_FILES%\browser\JJBrowser.exe
- from %PROGRAM_FILES%\browser\is-AUFJ0.tmp to %PROGRAM_FILES%\browser\Updater.ini
- from %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-PPDRV.tmp to %PROGRAM_FILES%\browser\Plugin\LiquidLayout\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-20HPP.tmp to %PROGRAM_FILES%\browser\Plugin\LiquidLayout\script.htm
- from %PROGRAM_FILES%\browser\Language\is-M4KQ7.tmp to %PROGRAM_FILES%\browser\Language\ChineseGB.ini
- from %PROGRAM_FILES%\browser\Plugin\LiquidLayout\is-2NMJF.tmp to %PROGRAM_FILES%\browser\Plugin\LiquidLayout\icon.ico
- from %PROGRAM_FILES%\browser\Plugin\SnapShot\is-LL287.tmp to %PROGRAM_FILES%\browser\Plugin\SnapShot\CameraDll.dll
- from %PROGRAM_FILES%\browser\Plugin\Translate\is-HSN7H.tmp to %PROGRAM_FILES%\browser\Plugin\Translate\translate.htm
- from %PROGRAM_FILES%\browser\Plugin\Translate\is-3I5IC.tmp to %PROGRAM_FILES%\browser\Plugin\Translate\translate.ico
- from %PROGRAM_FILES%\browser\Plugin\Tools\is-DD8K9.tmp to %PROGRAM_FILES%\browser\Plugin\Tools\QuickTools.ini
- from %PROGRAM_FILES%\browser\Plugin\Translate\is-P9T2K.tmp to %PROGRAM_FILES%\browser\Plugin\Translate\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-FCF3P.tmp to %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\MouseUnlock.htm
- from %PROGRAM_FILES%\browser\Skin\Default\is-AV2J9.tmp to %PROGRAM_FILES%\browser\Skin\Default\AddressLeft.bmp
- from %PROGRAM_FILES%\browser\Skin\Default\is-SUKFB.tmp to %PROGRAM_FILES%\browser\Skin\Default\AddressMid.bmp
- from %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-SUG32.tmp to %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\MouseUnlock.ico
- from %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\is-QHJ8N.tmp to %PROGRAM_FILES%\browser\Plugin\页面鼠标解锁\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\SnapShot\is-T1GRT.tmp to %PROGRAM_FILES%\browser\Plugin\SnapShot\SnapShot.exe
- from %PROGRAM_FILES%\browser\Plugin\TipPassword\is-EELO1.tmp to %PROGRAM_FILES%\browser\Plugin\TipPassword\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\SnapShot\is-8PH4N.tmp to %PROGRAM_FILES%\browser\Plugin\SnapShot\plugin.ini
- from %PROGRAM_FILES%\browser\Plugin\SnapShot\is-P4FAH.tmp to %PROGRAM_FILES%\browser\Plugin\SnapShot\setting.ini
- from %PROGRAM_FILES%\browser\Plugin\TipPassword\is-H97UR.tmp to %PROGRAM_FILES%\browser\Plugin\TipPassword\script.htm
- from %PROGRAM_FILES%\browser\Plugin\Tools\is-IVTLI.tmp to %PROGRAM_FILES%\browser\Plugin\Tools\QuickProcess.exe
- from %PROGRAM_FILES%\browser\Plugin\Tools\is-HRBDF.tmp to %PROGRAM_FILES%\browser\Plugin\Tools\QuickTools.exe
- from %PROGRAM_FILES%\browser\Plugin\TipPassword\is-ICC44.tmp to %PROGRAM_FILES%\browser\Plugin\TipPassword\TipPassword.ico
- from %PROGRAM_FILES%\browser\Plugin\Tools\is-MUMEQ.tmp to %PROGRAM_FILES%\browser\Plugin\Tools\QuickMute.exe
- ClassName: 'SysPager' WindowName: ''
- ClassName: 'ToolbarWindow32' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''