Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
Analysis ID:	1367834
MD5:	aae3eedbdc1b1a99f7c2844f85352692
SHA1:	8025c689f73816e6c275e38002649d91244d6db2
SHA256:	2c1d65f58f07ad391492f0c0b1c335321f7b0d6e9f41218e04404e7b58692ddb
Tags:	exe
Infos:

Detection

Score:	51
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	17
Range:	0 - 100

Signatures

Yara detected AntiVM3

Contains functionality to infect the boot sector

Creates an undocumented autostart registry key

Query firmware table information (likely to detect VMs)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

AV process strings found (often used to terminate AV products)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

DLL planting / hijacking vulnerabilities found

Detected potential crypto function

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

EXE planting / hijacking vulnerabilities found

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evaded block containing many API calls

Found evasive API chain (may stop execution after checking a module file name)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file contains strange resources

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Registers a DLL

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe (PID: 6116 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe MD5: AAE3EEDBDC1B1A99F7C2844F85352692)

regsvr32.exe (PID: 180 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 3672 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 2660 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

360TopbarASS.exe (PID: 2884 cmdline: "C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe" MD5: DEC58427DAFCCF050DA9AC893E28407C)

regsvr32.exe (PID: 1004 cmdline: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 6496 cmdline: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 2972 cmdline: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 5260 cmdline: /s "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

GBInst.exe (PID: 1896 cmdline: "C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe" /S MD5: 32DC2FA6DB8B8809B12A8CAD215C69FD)

360wpappInstaller_zhuomian.exe (PID: 6724 cmdline: "C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe" /S /Pzhuomian MD5: 02C91D3BE856789E1711C37649F382CC)

flashApp.exe (PID: 4584 cmdline: "C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe" onlyimport MD5: 28580334E670277D005E38D4C9E65CFD)

360DesktopSwitch64.exe (PID: 3688 cmdline: "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe" /unloaddtswitcher MD5: 476B86E7D05550919702E25541927DA5)

regsvr32.exe (PID: 5348 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 5420 cmdline: /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

regsvr32.exe (PID: 4840 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 3148 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

360TopBar.exe (PID: 4940 cmdline: "C:\Program Files (x86)\360\360Desktop\Bin\360Topbar.exe" /autorun MD5: B70E8845A3DFB674910975E6D0C061EC)

360wpsrv.exe (PID: 4656 cmdline: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe StartByDesktop StartFrom=4 MD5: B8B17E96DFCB39621A7D886528D1FACC)

360wpapp.exe (PID: 5392 cmdline: "C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe" -ReportWallPaper MD5: F9093B9504ABF8EE62BAF4B74D665841)

360wpapp.exe (PID: 1992 cmdline: "C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe" -ReportWallPaper MD5: F9093B9504ABF8EE62BAF4B74D665841)

explorer.exe (PID: 4084 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

WerFault.exe (PID: 3608 cmdline: C:\Windows\system32\WerFault.exe -u -p 4084 -s 10344 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

explorer.exe (PID: 3748 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

WerFault.exe (PID: 6844 cmdline: C:\Windows\system32\WerFault.exe -u -p 3748 -s 5128 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

explorer.exe (PID: 4632 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\360seNotify.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe PID: 6116	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_02F23230 CreateFileW,LocalAlloc,LocalAlloc,LocalFree,CryptCATAdminCalcHashFromFileHandle,GetLastError,LocalFree,LocalAlloc,CloseHandle,	17_2_02F23230
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_02F23210 CryptCATAdminReleaseContext,	17_2_02F23210
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_02F237D0 CryptCATAdminAcquireContext,CryptCATAdminEnumCatalogFromHash,CryptCATAdminReleaseCatalogContext,LocalFree,	17_2_02F237D0
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_02F23560 lstrlenA,MultiByteToWideChar,WinVerifyTrust,WTHelperProvDataFromStateData,WTHelperGetProvSignerFromChain,WTHelperGetProvCertFromChain,CertGetNameStringA,WinVerifyTrust,lstrlenA,MultiByteToWideChar,CryptCATAdminEnumCatalogFromHash,CryptCATAdminReleaseCatalogContext,LocalFree,	17_2_02F23560
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8BE990 CryptBinaryToStringA,	19_2_6C8BE990
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8CA440 CryptDestroyKey,	19_2_6C8CA440
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8CA460 CryptDestroyHash,	19_2_6C8CA460
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8BE6C0 CryptBinaryToStringA,_memmove_s,_memcpy_s,	19_2_6C8BE6C0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C90A7A4 _LocaleUpdate::_LocaleUpdate,_strlen,CryptBinaryToStringA,_strlen,	19_2_6C90A7A4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8CE090 CryptGetHashParam,	19_2_6C8CE090
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8CA030 CryptReleaseContext,	19_2_6C8CA030
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8CA120 CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,_memset,lstrcpynA,CryptImportKey,CryptCreateHash,CryptSetHashParam,CryptHashData,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,	19_2_6C8CA120
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8CA320 CryptGetHashParam,CryptGetHashParam,CryptGetHashParam,	19_2_6C8CA320
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C923420 CertOpenStore,CryptMsgOpenToDecode,CryptMsgUpdate,CertCloseStore,CryptMsgClose,	19_2_6C923420
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8E3560 CryptUnprotectData,	19_2_6C8E3560
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8E32A0 CryptProtectData,LocalFree,	19_2_6C8E32A0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8BB380 CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,	19_2_6C8BB380
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C9413E0 CryptDestroyKey,	19_2_6C9413E0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8E3360 CryptUnprotectData,	19_2_6C8E3360

Privilege Escalation

DLL planting / hijacking vulnerabilities found

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	DLL: C:\Users\user\AppData\Roaming\360bizhi\NotifyDown.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: LINKINFO.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: MSIMG32.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeature360Control.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: WINMM.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: SSPICLI.DLL
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: profapi.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: MSASN1.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\safelive.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\360NetUL.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: srvcli.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: VERSION.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: dbgcore.DLL
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\360Login.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\AppcenterDataGb.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: NETAPI32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: Cabinet.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\GameBoxCore.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeatureKernel.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\PDown.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360verify.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	DLL: C:\Users\user\AppData\Roaming\360bizhi\360verify.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: DEVRTL.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: netutils.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360P2SP.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: IPHLPAPI.DLL
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: edputil.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: iertutil.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\img_reader.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\7z.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: urlmon.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\GameBox.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\LiveUpd360.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\somcoredt.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360net.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: WindowsCodecs.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: dbghelp.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\somkernldt.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\NotifyDown.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: Wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: TextShaping.dll	Jump to behavior

EXE planting / hijacking vulnerabilities found

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\DTCrashReport.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Uninstall.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	EXE: regsvr32.exe	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\oauthlogin.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\SetupUtilDT.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\360GameBox.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpup.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\Uninstall.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\360GbApp.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\DTCrashReport.exe

Compliance

DLL planting / hijacking vulnerabilities found

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	DLL: C:\Users\user\AppData\Roaming\360bizhi\NotifyDown.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: LINKINFO.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: MSIMG32.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeature360Control.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: WINMM.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: SSPICLI.DLL
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: profapi.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: MSASN1.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\safelive.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\360NetUL.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: srvcli.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: VERSION.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: dbgcore.DLL
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\360Login.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\AppcenterDataGb.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: NETAPI32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: Cabinet.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\GameBoxCore.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeatureKernel.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\PDown.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360verify.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	DLL: C:\Users\user\AppData\Roaming\360bizhi\360verify.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: DEVRTL.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: netutils.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360P2SP.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: IPHLPAPI.DLL
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: edputil.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: iertutil.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\img_reader.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\7z.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: urlmon.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\GameBox.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\LiveUpd360.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\somcoredt.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360net.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: WindowsCodecs.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	DLL: dbghelp.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\somkernldt.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\NotifyDown.dll
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	DLL: Wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: TextShaping.dll	Jump to behavior

EXE planting / hijacking vulnerabilities found

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\DTCrashReport.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Uninstall.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	EXE: regsvr32.exe	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\oauthlogin.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\SetupUtilDT.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\360GameBox.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpup.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\Uninstall.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\360GbApp.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\DTCrashReport.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: D:\360se3\trunk\extension\AppBase\wxsqlite3.7.2\bin\sqlite3.pdbNB10k source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb`` source: GBInst.exe, 00000010.00000002.2190406494.000000000040B000.00000004.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\360se3\trunk\extension\AppBase\wxsqlite3.7.2\bin\sqlite3.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\UiFeatureControlSrc\UiFeature\Src\Pdb\UiFeature360Control.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.0000000007750000.00000004.00001000.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2155392643.000000000358C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\shell360dt64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2311300071.00007FFBC1A7B000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: E:\build\360browser\src\DreamWork\TheWorld\TheWorld\TheWorld___Win32_Release_Unicode\360mwapp.pdbNB10K source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtwebframe.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\Bin\360DeskTop\Release\BizPluginCake.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb8pJ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\shell360ext.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360NetUL\bin\360NetUL.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D47D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: P:\intermoutput\3\360Login_ForDeskTop\Release\360Login.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360DesktopUi.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_2.6.0.1080_20130226\bin\360DeskTop\Release\360DesktopAssistant.pdbt source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DTNotify.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBox.pdb5 source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\SML_Shutdown_for_DT\Output\Bin\Release\RegularShutdown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD89000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360MsgPushCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopSwitch64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\7z_%209.20.0.1020_20120420_A\bin\Release\7z.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1623928497.00000000013F8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\7z_%209.20.0.1020_20120420_A\bin\Release\7z.pdbx source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1623928497.00000000013F8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Work\360se\extension2010\ExtNetIncrement\Output\ExtNetIncrement.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360DTSwitchBar.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000015.00000002.2316212434.000000006C76F000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\desktoptool.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: P:\intermoutput\3\360Login_ForDeskTop\Release\360Login.pdb\ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360ZMUDetail.pdb0` source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SetupUtilDT.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2158601528.0000000003581000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\DownDll\Release\LiveUpd360.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DC48000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2136893687.000000000052B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\bin\360DeskTop\Release\AppcenterDataGb.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2148345936.000000000359B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopSwitch.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360Wapp.pdbXp\ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlproc_1.2.8\CheckedBuildWithPDB\urlproc.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtwebbrowser.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Net_2\Release\360net.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D47D000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119766154.0000000000530000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopMenu.pdbh source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360se\360se3\trunk\extension_store\Down360seNotify\Release\NotifyDown.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360DeskTop\src\Release\360TopBar.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000015.00000000.2171585841.0000000000579000.00000002.00000001.01000000.0000001A.sdmp, 360TopBar.exe, 00000015.00000002.2278081397.0000000000579000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBoxCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\release\360wallpaper\version\360wpup.pdb source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtswitcher64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb``z source: GBInst.exe, 00000010.00000002.2193061223.00000000037A2000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360Wapp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\dtappcore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D9CC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtswitcher.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA44000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\CloudTaskCenter_naive.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D9CC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpapp.pdb source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360AppCenter.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B2EE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\BoxUI.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_1.4.0.1085_20110902\bin\360DeskTop\Release\RegSMWebProxy.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\release\360wallpaper\version\360wpup.pdbL source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360DeskTop\src\Release\UiPluginCake.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E225000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.0000000007787000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\build\onlineinstaller\Release\360Inst.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\AppUpdate.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360Apns.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360weibo.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpsrv.pdbxQJ source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\360Down\Release\LiveUpdate360.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_2.6.0.1080_20130226\bin\360DeskTop\Release\360DesktopAssistant.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360Ver.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2137479601.000000000326A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2269351092.0000000003A44000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D58F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360ZMUDetail.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\SML_Shutdown_for_DT\Output\Bin\Release\RegularShutdown.pdbP source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD89000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\DTCrashReport.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2147481812.0000000003583000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\somcore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlprocnet_1.2.4\CheckedBuildWithPDB\urlprocnet.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2054843186.0000000004250000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtfilm.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SomSoftMgrdt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\somQuickInstdt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpsrv.pdb source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360Desktop.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\svn\360desktop\branches\2.0.0.1120_201207016_B\Output\Bin\Release\SoftMgrLiteBase.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SMWebProxydt.pdbp source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DTFence.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\Release\360wallpaper\version\DTCrashReport.pdb source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\360P2SP_2\360P2SP\Release\360P2SP.pdb`` source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\onlineinstaller\Release\360Inst.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360Desktop_20120814_2.3Release_appcore\bin\360DeskTop\Release\360AppCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\flashApp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CAEA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2105505074.0000000003269000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000000.2133758601.0000000000CC4000.00000002.00000001.01000000.00000014.sdmp, flashApp.exe, 00000013.00000002.2139496463.0000000000CC4000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: E:\build\360browser\src\DreamWork\TheWorld\TheWorld\TheWorld___Win32_Release_Unicode\360mwapp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\code_svn\360SoftMgr\branches\GameMaster_1125_for_360dt\Output\Bin\Release\AppCenterCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360se\360se3\trunk\extension_store\Down360seNotify\Release\NotifyDown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360FeedBack\Release\360FeedBack.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360Login\Release\oauthlogin.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\bin\360DeskTop\Release\360GbApp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\DTQuickInstProxy.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpapp.pdbH source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopMenu.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\PDown\Release\PDown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2137640564.000000000052B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb8p source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: E:\repos\urlproc_1.2.8\CheckedBuildWithPDB\urlproc.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\Safelive\ReleaseUMinDependency\Safelive.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DDF4000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2139079044.0000000003581000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\bin\Release\MiniUI.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628181945.0000000004088000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628668213.00000000046A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1629220837.0000000001459000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2223371539.000000000B059000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\DTShutdown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA44000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SMWebProxydt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\360P2SP_2\360P2SP\Release\360P2SP.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\somkernldt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360DesktopSetup\360TopbarASS\Release\360TopbarASS.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, 360TopbarASS.exe, 0000000A.00000002.2081373618.0000000000B88000.00000002.00000001.01000000.0000000A.sdmp, 360TopbarASS.exe, 0000000A.00000000.2072888648.0000000000B88000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\UpdateTool.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb source: GBInst.exe, 00000010.00000002.2193061223.00000000037A2000.00000002.00000001.01000000.0000001C.sdmp, GBInst.exe, 00000010.00000002.2190406494.000000000040B000.00000004.00000001.01000000.0000000E.sdmp
Source:	Binary string: e:\360DeskTop_2.2.0.1070_20120618\bin\360DeskTop\Release\MsgBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DCD0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlprocnet_1.2.4\CheckedBuildWithPDB\urlprocnet.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2054843186.0000000004250000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\AppcenterData.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\360GameBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\MusicIEFrame.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\02.WINDOWS\01.MyWork\01.UiFeature\01.SvnKing\trunk\KernelVersionCompany\Bin\Release\UiFeatureKernel.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E225000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.0000000007787000.00000004.00001000.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2156205576.0000000003581000.00000004.00000020.00020000.00000000.sdmp

Spreading

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	16_2_00405368
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_00405D3A FindFirstFileA,FindClose,	16_2_00405D3A
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_00402630 FindFirstFileA,	16_2_00402630
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	17_2_00405368
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_00405D3A FindFirstFileA,FindClose,	17_2_00405D3A
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_00402630 FindFirstFileA,	17_2_00402630
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C89EF80 _memset,_memset,PathAddBackslashW,FindFirstFileW,_memset,PathAddBackslashW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,	19_2_6C89EF80

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe

Code function: 21_2_6C74BF00 PathFindFileNameW,OpenProcess,_memset,GetModuleFileNameExW,K32GetModuleFileNameExW,GetProcessImageFileNameW,_memset,GetLogicalDriveStringsW,QueryDosDeviceW,_memset,_memset,_wcschr,GetLongPathNameW,_wcsncpy,FindCloseChangeNotification,

21_2_6C74BF00

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 171.8.167.89 171.8.167.89

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=1&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=10047 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=2179 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=28509 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=6291 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=28540 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16080 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=24600&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=43609&r2=8823 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=9946 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16313 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16313 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16313 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa&w=6.2&t=6658734&active=1 HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: res.qhupdate.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/guajian.html HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: static.apc.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /index.php?c=WallPaper&a=getAppsByDigest&start=0&count=100 HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: wallpaper.apc.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bdm/1280_1024_85/t01755cc43f58bff4ee.jpg HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: p1.qhimg.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=10437 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bdm/1280_1024_85/t01cedee08e9b9d07f7.jpg HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: p8.qhimg.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa&w=6.2&t=6671437&active=0 HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: res.qhupdate.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=1547 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32263 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=22406 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32664&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32664&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32664&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32713&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=122367&r2=3671 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=5251 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18212 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=6873 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=29683 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=24722 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 10_2_00B68060 InternetReadFile,

10_2_00B68060

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Dec 2023 23:21:05 GMTContent-Type: text/htmlContent-Length: 21Connection: keep-aliveExpires: Thu, 28 Dec 2023 14:12:01 GMTServer: ApacheLast-Modified: Tue, 19 May 2020 09:34:07 GMTETag: "1-5a5fcfb2905a3"Accept-Ranges: bytesCache-Control: max-age=600Content-Encoding: gzipAge: 33544X-Cache: HIT from cache.51cdn.comX-Via: 1.1 PSrbJP1ty77:3 (Cdn Cache Server V2.0), 1.1 PS-DFW-04Eay52:9 (Cdn Cache Server V2.0)X-Ws-Request-Id: 658e02e1_PS-DFW-04xVs53_13627-23937Data Raw: 1f 8b 08 00 00 00 00 00 00 03 33 04 00 b7 ef dc 83 01 00 00 00 Data Ascii: 3

Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=1&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=10047 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=2179 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=28509 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=6291 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=28540 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=1&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16080 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=24600&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=43609&r2=8823 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=9946 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16313 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16313 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16313 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa&w=6.2&t=6658734&active=1 HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: res.qhupdate.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cms/guajian.html HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: static.apc.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /index.php?c=WallPaper&a=getAppsByDigest&start=0&count=100 HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: wallpaper.apc.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bdm/1280_1024_85/t01755cc43f58bff4ee.jpg HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: p1.qhimg.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=10437 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bdm/1280_1024_85/t01cedee08e9b9d07f7.jpg HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: p8.qhimg.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa&w=6.2&t=6671437&active=0 HTTP/1.1Accept: /Accept-Language: zh-CNAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Host: res.qhupdate.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=1547 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32263 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=22406 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32664&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32664&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32664&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32713&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=122367&r2=3671 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=5251 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18212 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=6873 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=29683 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=24722 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: s.360.cn

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ftp://https://.org.net.com.net.cn.com.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/%s.trt
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/%u%u.html
Source: flashApp.exe	String found in binary or memory: http://%s/api.php?
Source: flashApp.exe	String found in binary or memory: http://%s/checkpwc.php
Source: flashApp.exe	String found in binary or memory: http://%s/intf.php
Source: flashApp.exe	String found in binary or memory: http://%s/intf.php?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s?https://%s?&from=parad=login.360.cnhttp://%s/intf.php?https://%s/intf.php?method=UserIntf.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1/%s;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1/%sfilename=resourcesfilesmetalink:/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://agd.p.360.cnSOFTWARE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.go108.cn/360zm/json/astro_everyday/day/Horoscope:%dlovecareer
Source: flashApp.exe	String found in binary or memory: http://api.qcloud.360.cn/intf.php
Source: flashApp.exe	String found in binary or memory: http://api.renren.com/restserver.do
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://api.renren.com/restserver.do%utinyurlWWW-Authenticate
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.renren.com/restserver.doSV
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.renren.com/restserver.doSVW
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.renren.com/restserver.doU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/account/verify_credentials.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/account/verify_credentials.json?U
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/oauth/access_token
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/oauth/access_token?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/statuses/update.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/statuses/upload.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/%s/%s/members.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/%s/lists/%s/statuses.xmlper_pagehttp://api.t.sina.com.cn/statuses/user_time
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/account/verify_credentials.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/account/verify_credentials.xml?source=U
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/favorites.xmlhttps://api.weibo.com/2/favorites.jsonfavorites
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/friendships/create.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/friendships/create/%s.json?source=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/friendships/show.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/oauth/access_token
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/oauth/access_tokenhttp://api.t.sina.com.cn/users/show/%s.json?source=%shttp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/shortUrl.xmlurl_shorttypeurl_longhttp://api.t.sina.com.cn/friendships/creat
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/counts.xmlhttps://api.weibo.com/2/statuses/count.jsoncountrtrepost
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/followers.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/friends.xmlhttps://api.weibo.com/2/friendships/friends.jsonnext_cu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/friends_timeline.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/mentions.xmlhttps://api.weibo.com/2/statuses/mentions.jsonhttps://
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/repost.xmlhttps://api.weibo.com/2/statuses/repost.jsonid=&status=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/update.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/update.xmlU
Source: flashApp.exe	String found in binary or memory: http://api.t.sina.com.cn/statuses/upload.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/upload.xmlU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/upload.xmlhttp://api.t.sina.com.cn/statuses/update.xmlhttps://api.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/upload.xmlstatus&oauth_signatureOAuth
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/users/show.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/users/show.xmlhttps://api.weibo.com/2/users/show.jsoncmttypemention_status2
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/users/show/%s.json?source=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auto.search.msn.comGIF89a
Source: 360TopBar.exe	String found in binary or memory: http://bbs.360.cn/5473920.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bbs.360.cn/5473920.htmlCPictureGridPicker::ScrollTo:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bbs.360safe.com/forum-883-1.htmlhttp://weibo.com/360gamebox%s?action=mgbosskey&state=%d&from=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B8F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bbs.360safe.com/forum.php?mod=forumdisplay&fid=118&tj=pczhuomian360FeedBack.xmlSoftware
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bbs.ioage.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bbs.ioage.com/cn/forum-33-1.html
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bdmbdr//dr/%d_%d_%d.jpg%d_%d_%d_%dmuti_desc%d_%dspecial_%d_%d/bdm/%d_%d_%dclass_idurl_thumb31
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bizhi.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CAEA000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000000.2133758601.0000000000CC4000.00000002.00000001.01000000.00000014.sdmp, flashApp.exe, 00000013.00000002.2139496463.0000000000CC4000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://bizhi.360.cn/
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bizhi.360.cn/#360
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bizhi.360.cn/uploadwallpaper.html360
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C177000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bsalsa.com/
Source: explorer.exe, 00000018.00000000.2202592501.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.0000000009255000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B8F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://care.help.360.cn/care/uploadverifytagsys
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdata.browser.360.cn/api.php?a=switch&m=set&stamp=%s&sign=%s&qt=%s&app=%s&status=%sExt-Data;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=Ad&a=show&appid=%lu&m=%s&modulever=%s&appver=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=AppRelate&a=showList&appid=%lu&mid=%s&modulever=%s&appver=%s&bd=%d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientApp&a=getAppStatus&dtver=%s&mid=%sversion%lu%%3A%s%%2Capps=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2148345936.000000000359B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientApp&a=getInfoByAppid&appid=%s&display_column=utag
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2148345936.000000000359B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientApp&a=getListByTag&cid=%lu&page=%lu&sort=%s&tag=%s&ver=v2htt
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2148345936.000000000359B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientApp&a=getPresetUpdateApps%shttp://cdn.apc.360.cn/index.php?c
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientApp&a=getRecommendApps2&appid=%d&mid=%s&dtver=%s&mode=%dhttp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2148345936.000000000359B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientClass&a=getList&ver=v2http://cdn.apc.360.cn/index.php?c=Clie
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBox&a=detailV2&appid=%dGameDownloadResultLaunchGame
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBox&a=detailV2&appid=%dopenMobileMgrisMobileMgrExistis360SafeE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBox&a=detailV2&appid=%dyingyongdianjihttp://stat.apc.360safe.c
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBox&a=getEvent&qid=%s&event=%s84D988A6-79F3-3360-01CN-BE29SDES
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBox&a=getTimeTamptimefix/w
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBoxClient&a=championNotice&qid=%sapp_namerival_name
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=VideoScreen&a=getPlayInfo&appid=%utitlesrc_allplay_titles
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=WallPaper&a=getAppsByTagsFromCategory&from=360desktop&cids=%d&tags
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=WallPaper&a=getAppsInfoByIds&ids=%sDownloadFavoriteProcess
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=WebApp&a=show&appid=%lu&from=360dtclosesuccrawUrlloginedUrl%st
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=WebApp&a=show&appid=%lu&from=360dtsuccrawUrlloginedUrlweb
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.weather.hao.360.cn/sed_api_weather_info.php?app=desktop&fmt=json&code=%darea(%
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.weather.hao.360.cn/sed_api_weather_info.php?app=safeDestop&fmt=json&code=%shttp://weather
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://chrome.360.cn/pdown://h3=60
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://client.apc.360.cn/cms/360dtconf.inid
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D9CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cloud.openapi.360.cncookie_qcookie_t/app/add_list?uid=%s&ver=1.0Content-Type:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cmsg.browser.360.cn/api.php?qt=Get
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B82E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.geotrust.com/crls/gtglobal.crl04
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2172820667.00000000037D6000.00000004.00001000.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteCodeSigningCA.crl0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2268138626.0000000003A50000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2172820667.00000000037D6000.00000004.00001000.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0
Source: explorer.exe, 00000018.00000000.2202592501.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.0000000009255000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000018.00000000.2202592501.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2259478320.0000000009237000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dapp.wan.360.cn/360desk/mhxx?scrol=no&height=&r=1328833800D
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://data.weibo.com/top/topic?t=hourU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://desk.score.svc.1360.com/get?qid=%s&sign=%sLoginBallShowCountLoginGuideShowLLoginGuideShowHGui
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://desk.score.svc.1360.com/incr?event=%s&qid=%s&value=%d&sign=%s%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://desktop.360.cn/update/update.nxdbupdate.nxdb.newupdate.xdb.new
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.360safe.com/softmupdate/onekeyinstall.cabpdown://http://dlleak.360safe.com/leak/ty/hcphotf
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dlleak6.360safe.com/leak/winxp/123456.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/gamebox/android/360gamebox.apkDlg.ConnectPopuphttp://stat.apc.360safe.com/ms
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://down.360safe.com/safesetup_2000.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeIsBetaVersion360ver.dll
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2137640564.000000000052B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeIsBetaVersion360ver.dllPath
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DC48000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2136893687.000000000052B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeIsBetaVersion360ver.dllPathopen
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeIsBetaVersion360ver.dllSOFTWARE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DDF4000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2139079044.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeIsBetaVersion360ver.dllopen
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeSOFTWARE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeentry
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B82E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEC1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628181945.0000000004088000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CAEA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628668213.00000000046A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2137640564.000000000052B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exe8
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000015.00000003.2270017193.0000000003C41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeH
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DC48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621866746.0000000000C77000.00000008.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DDF4000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2139079044.0000000003581000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2136893687.000000000052B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeN
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeP
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B8F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exehttp://down.360safe.com/setup.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/zhuomian/downchrome.inichromeconfigurl
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/zhuomian/downchrome.inichromeconfigurl360webapp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/zhuomian/mini_installer.exedownloadpdown://h3=60
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/zhuomian/setup.exeUpdateApplicationsAppDownloadCloseUpdateNewUpdateApplicati
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://errsug.se.360.cn/ch.html?m=%s&v=%s&qt=%s&qid=%s&n=%s&mn=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fastmm.sourceforge.net).
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gamebox.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gamebox.360.cn360yxhezi13a22fc0a
Source: flashApp.exe	String found in binary or memory: http://graph.renren.com/oauth/token
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://graph.renren.com/oauth/tokenhttps://graph.renren.com/oauth/tokenrenren
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://graph.renren.com/renren_api/session_key?oauth_token=%sU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hd.360.cn/angrybirds/http://static.apc.360.cn/cms/olympics/game_winner.html/page=%d
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hd.360.cn/baobei&ids
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B90D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.360.cn/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://https://DecodePNGimg_reader.dll%s.uiz~mytmpimage_file_%srb
Source: flashApp.exe	String found in binary or memory: http://i.360.cn/findpwd/?src=%s&mid=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://i.360.cn/profile/index2927http://i.360.cn/profile/chusername
Source: flashApp.exe	String found in binary or memory: http://i.360.cn/reg?src=%s&mid=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.360.cn/reg?src=%s&mid=%shttp://i.360.cn/findpwd/?src=%s&mid=%sEDITLISTBOXD
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://i3.feixin.10086.cn/%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/appmenugouwu.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menubagua.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menulicai.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menushenghuo.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007908000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menushipin.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menutupian.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menuxitong.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007908000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menuyinyue.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007908000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menuyo
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menuyouxi.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007908000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menuyuedu.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/05/shame_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/0c/sw_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/0c/ws_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/13/sweat.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/17/ldln_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/19/hate.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/1b/gz_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/1b/m_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/29/bz_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/33/camera_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/40/come_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/40/cool_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/41/zz2_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/46/zxc_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/48/sx_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/4b/paoxiao_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/4d/crazy.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/57/angry.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/58/mb_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/58/pig.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/5c/yw_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/60/horse2_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/64/cafe_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/64/hs_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6a/cake.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6a/laugh.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6d/heart.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6d/zhh_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6e/panda_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/70/vw_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/71/bs2_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/73/wq_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/7d/sleep_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/7e/hei_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/7e/love.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/81/rabbit_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/88/zgl_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/89/nm_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/8b/sleepy.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/8f/qq_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/90/money_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/91/d_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/98/yhh_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/9c/tz_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/9e/t_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/a4/dizzy.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/a6/x_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/af/cry.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/af/kl_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/b6/kbs_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/b6/sb_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/b8/cz_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/b8/green_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/b9/moon.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/bc/fuyun_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/bc/otm_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/bd/cheer.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/c2/tooth.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/c7/no_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/c9/geili_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/ca/chunnuanhuakai_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d0/z2_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d3/clock_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d6/ok_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d8/good_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d8/sad.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d8/sad_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d9/ye_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/e5/sun.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/e9/sk_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/ea/unheart.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/eb/smile.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/f2/wg_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/f3/k_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/f4/cj_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://intf.soft.360.cn/index.php?c=Search&a=getSoftList&cver=v1&kw=%S&soft_ids=%s&%s%d-baoku%d-%sCS
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://intf.zsall.mobilem.360.cn/intf/checkMobile?para=%s%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://intf.zsall.mobilem.360.cn/zsintf/getDownloadUrl?soft_ids=%s&market_id=&appver=%s&uid=%s&pid=%
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jquery.com/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jquery.org/license
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/cgi/pin.php?r=%d&p=%sSV
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/member/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/member/getpwd/getpwd0.php?entry=ssoS
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/sso/getalt.php?entry=weibo360plugin&service=weibo360plugin&tgt=%sU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/sso/login.php?entry=weibo360plugin&alt=%s&url=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/sso/prelogin.php?entry=weibo360plugin
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://m.openapi.360.cn/msg/check?session=%s&msgid=%s3A6539ADE038ACD6DBFA8A4D130E34A5
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://m.openapi.360.cn/usr/login
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://m.openapi.360.cn/usr/loginnickname:cookie:??unp=%s&un=%s&unp=%s&un=%shttp://profile.openapi.3
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://m.soft.360.cn/index.php?controller=Intf&action=get.Down.Url&soft_id=%d&no_view=1&ofmt=xml&%sh
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C177000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mail.163.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mail.S
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://monitoring.openapi.360.cn/desktop/nopen/id/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://my.360.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://news.baike.360.cn/fw/zt1/heixiazi.htmlhttp://bbs.360safe.com/forum-162-1.html
Source: explorer.exe, 00000018.00000002.2255320125.0000000004405000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2197724368.0000000004405000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobeS
Source: explorer.exe, 00000018.00000000.2202592501.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.0000000009255000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000018.00000002.2259478320.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.00000000090DA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B82E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.geotrust.com0K
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2172820667.00000000037D6000.00000004.00001000.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: 360TopBar.exe	String found in binary or memory: http://open.app.360.cn/?from=360desktop_tray
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://open.app.360.cn/?from=360desktop_tray%stype=open&action=appcenter&from=youxiajiaotray&TrayMen
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://open.app.360.cn/?from=360desktop_trayhttp://bbs.360.cn/5473920.htmlTaskbarCreatedhW
Source: 360TopBar.exe, 00000015.00000002.2316212434.000000006C76F000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: http://open.app.360.cn/?from=360desktop_trayhttp://bbs.360.cn/5473920.htmlTaskbarCreatedhWwl
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p1.qhimg.com/t01300a29501effb80d.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p17.qhimg.com/t01786e375a7830d753.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p17.qhimg.com/t01f55a00a83c723f3d.png)
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p19.qhimg.com/t01008d7e105188efac.png)
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p2.qhimg.com/t016ca463057d8d4362.png)
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p2s.f.360.cn/urlquery
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p5.qhimg.com/t019530ea43ea4d8d90.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p7.qhimg.com/t0187051ceab8c8d55c.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p8.qhimg.com/t011dbc6e088968ddd8.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p9.qhimg.com/t013736ff668d0555d4.png)
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pdown.stat.360safe.com/dimana.htm&usetime=%d&downrate=%d&downlen=%I64u=&?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pinst.360.cn/360haohua/safe_chaoqiang.cab
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pinst.360.cn/gamebox/GBUpdateConfig_Manual.ini?tick=%lu..
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pinst.360.cn/zhuomian/DtUpdateConfig_Manual.ini?tick=%dUpdateContentAttributeDownloadMainVers
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pinst.360.cn/zhuomian/DtUpdateConfig_Manual.ini?tick=%dhttp://pinst.360.cn/zhuomian/DtUpdateC
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://pinst.360.cn/zhuomian/reinst_beta.cab/URL:http://pinst.360.cn/zhuomian/reinst_final.cabmodule
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://player.56.com/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://player.ku6.com/refer/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://player.pptv.com/v/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://player.youku.com/player.php/sid/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://profile.openapi.360.cn/degree.html#tab=2#uhp=%s#un=%shttp://profile.openapi.360.cn/user/info.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://profile.openapi.360.cn/degree.html#uhp=%s#un=%shttp://profile.openapi.360.cn/msg/info.html?ve
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://profile.openapi.360.cn/user/info.html?un=dockbar
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://profile.openapi.360.cn/user/popup.htmlGS
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://profile.se.360.cn/proxyerr.php
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pstat.p.360.cn/uplog.php0cpsign1md5b3deb21a3401d8e933ddcb45a6c07222
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pstat.p.360.cn/uplog.phpinfo0cpsign1md5b3deb21a3401d8e933ddcb45a6c07222
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://q.soft.360.cn/get_download_url.php?type=download_url&soft_ids=%s&%sOptions
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://q.soft.360.cn/get_polls.php?mid=%Shttp://q.soft.360.cn/get_polls.php?ofmt=json&mid=%Shttp://q
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://q.soft.360.cn/get_update_info.php?type=update_info&soft_ids=%s&lrtime=0&%snameubrief2vdisppti
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://q.soft.360.cn/get_update_info.php?type=update_info&soft_ids=%s&lrtime=0&%subrief2vdispptimesu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.163.com/getpasswd/RetakePassword.jsp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.163.com/reg/reg.jsp
Source: 360TopbarASS.exe	String found in binary or memory: http://relate.apc.360.cn/index.php?c=Relate&a=getRelateCate&mid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, 360TopbarASS.exe, 0000000A.00000002.2081373618.0000000000B88000.00000002.00000001.01000000.0000000A.sdmp, 360TopbarASS.exe, 0000000A.00000000.2072888648.0000000000B88000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://relate.apc.360.cn/index.php?c=Relate&a=getRelateCate&mid=&count=16&show=1&version=catecidrela
Source: 360TopbarASS.exe, 0000000A.00000002.2080970323.000000000083E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://relate.apc.360.cn/index.php?c=Relate&a=getRelateCate&mid=08bcc5cf9e3fc589107741a5e999ecfa&cou
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://res.qhupdate.com/wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini%d.%dB:A:downloadpat
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://rm.api.weibo.com/statuses/unread.xml
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhibox&from=2
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhiexit&from=4startfrom=4http://s.360.cn/bizhi/s.html?action=b
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhirightlist&from=0&fangshi=2http://s.360.cn/bizhi/s.html?acti
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhirightlist&from=0http://static.apc.360.cn/cms/guajian.htmlHi
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhirightlist&from=7http://s.360.cn/bizhi/s.html?action=bizhiri
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhirightlist&from=8
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhirightlist&from=9dataimg_%d_%dtotal0errnogoodwallpaper.jsonh
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhiset&from=0&appver=2.1.0.1026&pid=zhuomian&m=
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhiset&from=1&appver=2.1.0.1026&pid=zhuomian&m=
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=wpinst&from=1&appver=2.1.0.1026&pid=zhuomian&m=
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?%sfun=lifecycle&act=updatedownload&res=app
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?%sfun=lifecycle&act=updateopen&res=app
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?%sfun=link&act=%s&res=%s&r1=%s&r2=%s&r3=%s&wjj
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=%s&fun=%s&act=%d&res=%d&mid=%s&ver=%s&r1=%d&r2=%d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1923918855.000000000140C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=1&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2224935394.0000000003F2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=08bcc5cf9e3fc589107741a5e999ecfa&ve
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2224032969.0000000003E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2160058813.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=08bcc5cf9e3fc589107741a5e999ecfa&ve
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2273079673.0000000003E94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=08bcc5cf9e3fc589107741a5e999ecfa&ve
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1718550227.0000000003E8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1874170082.0000000003EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D9CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/tray.htm?m=%s&uid=%s&pid=%s&appver=%s&modulever=%s%u.%u.%u.%uName
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/tray.htm?m=%s&uid=%s&pid=%s&appver=%s&modulever=%shttp://m.openapi.360.cn/status.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/xiaoguanjia/xgj.html%s?action=shutdown&from=%d&appver=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s0.qhimg.com/lib/jquery/171.js
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s0.qhimg.com/st.360.cn/;bk_up;style/7e995a0e.css
Source: explorer.exe, 00000018.00000000.2200750468.0000000007720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000000.2196430865.0000000002C80000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000018.00000002.2258173693.0000000007710000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sd.p.360.cn/%s.trt
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sd.p.360.cn/BB53D19C9D32290AC8A94E902D7CB0C86A7E01E1.trt
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://se.360.cnU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://seapp.stat.360safe.com/q.html?name=%s&appver=%s&mid=%s&c=%sU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://seapp.stat.360safe.com/ver.html?name=%s&p=%s&mid=%s&fa=%s&fb=%s&fc=%sU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://setpass.app.se.360.cn/forget?type=mail
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://seupdate.360safe.com/360webmail_ver2.ini%s%d.zip
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://seupdate.360safe.com/360webmail_ver2.ini?%d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://seupdate.360safe.com/360webmail_ver2.ini?%dSV
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sizzlejs.com/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soft.360.cn/static/ess/class_lenovo.xml?t=%d&%shttp://soft.360.cn/static/ess/class_6_0.xml?t=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?type=onekeyinstall&softid=%u&succ=%d&update=%d&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?type=onekeyinstall&softid=%u&succ=%d&update=%d&0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?type=open&action=%s&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?type=web&action=time&htime=%d&etime=%d&u=%s&ie=%s&bug=%lu&%%%about:bl
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?type=web&action=time&htime=%d&etime=%d&u=%s&ie=%s&bug=%lu&%%%mshtml.d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?xml=err&m=~DF
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?xml=err&m=~DFP.ScriptTypeScript..
Source: 360TopBar.exe	String found in binary or memory: http://softm.update.360safe.com/360deskup2m.cab
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.update.360safe.com/360deskup2m.cab10222201102021020621221110210213208218206204209203205
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000015.00000002.2316212434.000000006C76F000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: http://softm.update.360safe.com/360deskup2m.cab360AppCore%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.update.360safe.com/360gamebox/v3update.cab?src=%S&t=%d&%Supdate.ini360safe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.update.360safe.com/360gamebox/v3update.cab?src=360DtMgr&t=%d&%shttp://softm.update.360s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.360safe.com/360/?stype=changeskin&ver=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2054843186.0000000004250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stat.360safe.com/360safeurl/?type=upnet&mid=%sFloating
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stat.360safe.com/login.html?type=login&from=%s&action=%s&style=%s&uid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stat.360safe.com/login.html?type=login_checksumfail&q_send=%s&vt_send=%d&q_recv=%s&vt_recv=%d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/ad.html?action=slidetimeout&appid=%lu&%stype=new&action=webapp-cpu&from=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/ad.html?action=slidetimeout&appid=%lu&UiFeature360CtrlAnimationBalloonWndClsA
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=dakaizhuce&%stype=new&action=zhuce&from=%s&r1=%s&ap
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=msgbox&from=%d&detail=%d&m=%s&modulever=%s&appver=%
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=msgboxweibo&from=%s&detail=%s&uid=%s&pid=%s&m=%s&mo
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=runmsg&from=full&detail=run&m=%s&modulever=%s&appve
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=runmsg&from=full&detail=run&open_msgbox360ID
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=zhucechenggong&360DesktopRegisterVerifyCodeDlg
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html%s?type=open&action=%s&mod=%d&appid=%lu&fenleiid=%d&from=%d&style=fu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%dx%d%stype=new&action=newdtmusic&from=%d&appid=&0http://stat.apc.3
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=new&action=moviefunction&from=%d&fangshi=&sort=&r1=&%stype=n
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=new&action=newdtmusic&from=%d&appid=&bad
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=new&action=openfiles&from=%d&r1=fences&r2=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=new&action=performanceindex_button&from=%u&fangshi=%u&safeve
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=new&action=tipsclick&from=%d&fangshi=%d&sort=&r1=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B2EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=open&action=appcenter&style=fullscreen&from=%d&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=open&action=yingyongdianji&mod=1&fangshi=%d&appid=%d&fenleii
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=SetAppwallpaper&from=1&fangshi=&appid=&r1=&r2=&r3=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=SetSyswallpaper&from=0&fangshi=&appid=&r1=&r2=&r3=&
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=bizhibubble&from=1LastCloudIdSoftware
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=bizhibubble&from=4http://stat.apc.360.cn/stat.html?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=bizhilunbo&from=%d&fangshi=%d&appid=%s&r1=&r2=&r3=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B90D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=feedback&from=%d&fangshi=%d&uid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=fencecalendar&from=1&fangshi=1&r1=fences&r2=particu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=fencecalendar&from=1&fangshi=2&r1=fences&r2=particu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=fencecalendar&from=6&r1=fences&r2=particular&http:/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=fencecalendarstate&from=2&fangshi=1
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=fencecalendarstate&from=2&fangshi=2
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=genghuanbizhishezhi&from=1&fangshi=&http://stat.apc
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=genghuanbizhishezhi&from=2&fangshi=&CCapDeviceChang
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=gerenzhongxin&from=%d&mid=%s&uid=%sA3B6B07CF749024E
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=guanbiruanjian&from=&fangshi=&sort=&r1=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=msgremind&from=%d&appid=%s&http://stat.apc.360.cn/s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newbuttonclick&from=1&uid=1&pid=h_home&m=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newbuttonclick&from=3&uid=1&pid=h_home&m=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=1&uid=1&pid=h_home&m=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=startinstall&appver=%s&r1=%s&uid=1&pid=%s&m=%shttp:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1923918855.000000000140C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1874170082.0000000003EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=startinstall&appver=2.6.0.1110&r1=2.6.0.1110&uid=1&
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=wpcommon&from=00
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CAEA000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000000.2133758601.0000000000CC4000.00000002.00000001.01000000.00000014.sdmp, flashApp.exe, 00000013.00000002.2139496463.0000000000CC4000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=zidaiyingyong&from=7&fangshi=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newbuttonclick&from=2&uid=1&pid=h_h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newbuttonclick&from=4&uid=1&pid=h_h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=1000&uid=1&pid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=2&uid=1&pid=h_h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=3&uid=1&pid=h_h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=4&uid=1&pid=h_h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=anzhuanganquanzhuomian&from=3&mod=%d&appver=%s&pac
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2271423008.0000000003EF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=anzhuanganquanzhuomian&from=3&mod=1&appver=2.6.0.1
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=anzhuangyunxing&from=%d&appver=%s&packagever=%s&ui
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=bengkuilesorry&deskbanben=%s&deakbanhao=%s&t=%dMoz
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2147481812.0000000003583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=bengkuilesorry&deskbanben=%s&deakbanhao=%s&t=%dfee
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=guanbicomputer&-reboothttp://stat.apc.360.cn/stat.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=guanbisuoyouruanjian&%shttp://stat.apc.360.cn/stat
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=qieping&from=1&style=%d&PageMyAppFS.xml%windir%
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=sequence&from=%d&r1=fences&%stype=new&action=xinji
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=shengjichengxu&from=1&http://stat.apc.360.cn/stat.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2224705306.000000000AFEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=tiyanjihua&from=1&appver=2.6.0.1110&packagever=2.6
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=update&360DTNotifyF3C85C74-71B1-4ac8-9C89-B9BE4DC4
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=detailclick&from=1&uid=1&pid=h_hom
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/tmp.html%s?action=gj_appcore&from=1%s?action=gj_appcore&from=2&fangshi=%u&sor
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/webapp.html?%stype=webapp&action=error&appID=%d&host=%s&errorcode=%d&errortyp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html%s?action=%s&sid=%u&moduledownokmoduleinstallokmodulenoninstallT
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html%s?action=%s&sid=%u&moduledownokmoduleinstallokmodulenoninstalld
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html%s?action=mgpopup&from=4&detail=1003&state=1&x
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html?360Gbapp..
Source: GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html?action=mginst&state=
Source: GBInst.exe, 00000010.00000002.2190699098.0000000000555000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html?action=mginst&state=1&pid=ZMSilent&m=08bcc5cf9e3fc589107741a5e9
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html?action=mgpopup&from=4&detail=2001&state=%d&x
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html?http://stat.apc.360.cn/stat.html?%stype=open&action=somxmlLoadR
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.ioage.com/web/theworld2up.ini?2.4.1.9needfileSUBVER_%slanguages
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B2EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/apphotweb.htmlsysMaxtooltips_class32dcGP
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/ertong/ertongleyuan.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/ertong/ertongleyuan.htmlhttp://static.apc.360.cn/cms/music/tingyinyue.h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/gamecomment.html?appid=%d&from=%dwebapp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/education.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/fashion.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/female.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/game.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/investment.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/life.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/magzine.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/music.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/news.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/novel.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/picture.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/shopping.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/social.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/tools.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/video.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/minivideo/index.htmlAnimImage
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/minivideo/noplayer.html360Desktop
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/minivideo/player.html?playUrl=%sspliter1spliter2
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/music/tingyinyue.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.0000000007750000.00000004.00001000.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2155392643.000000000358C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/novels/gcy.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.0000000007750000.00000004.00001000.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2155392643.000000000358C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/novels/gcy.htmliBookMenu.Yahei.NormaliBookMenu.Yahei.Hover
Source: GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/recommend_game_new.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/selected.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/selected.htmlhttp://client.apc.360.cn/cms/360dtconf.ini7
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/skin_uploadwebapp.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/theme/index.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/theme/index.htmlMusicIEFrame7
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/video/shipinhezi1.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/video/shipinhezi1.html%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/video/videoNew.html?context=%s&num=%s&count=%d
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper/bztuijian.htmlhttp://s.360.cn/bizhi/s.html?action=bizhirightl
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper/show.php
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper/show.phpTextSinaWeibo_CJPicLD_BeginTimeLD_EndTimebutton
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper/weibo-share.html
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper/weiboshare.html#
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper_feedback.htmlloopwallpaper.xml&r1=1&action=bizhiEntrance&from
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/xiaoxihezi/tankuang.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/feedback/index.html?appid=%d&name=%s360WebappLead2ArenaTipsClass360WebappGa
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/feedback/index.html?appid=%d&name=%swebgamecontrolpanel.xml360Desktop
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/other/app_center/app_poll_1_0.htmlSoftMgr_Notify
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/360GameBoxConf.xmlGameBox_ConnectingMobilePopup
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/popup/pop_bg.pngmap/set
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/rules.htmhttp://swf.baoku.360.cn/gamebox/exaward.htmhttp://swf.baoku
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/sorryjump.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/sorryjump.htmI360AppCenterDataClientTypeTabVisible
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/sorryjump.htmSettingCenter
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/sorryjump.htmpdown://h3=30
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/hzx/Sound.zipStartDownload()
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/hzx/flashActiveX.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/hzx/flashActiveX.exe&..
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/hzx/flashActiveX.exehttp://swf.baoku.360.cn/hzx/Flash32_11_3_win8_360.ocx..
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/zhuomian/player/v2/douban.zip
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/zhuomian/player/v2/jingfm.zip
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/zhuomian/player/v2/kugou0329.zip
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/zhuomian/player/v2/kuwoo.zip
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t.163.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t.cn/Swi4kM
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t.cn/htzkKX
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://theworld.cn/http://ioage.com/http://www.ioage.com/Update
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tp3.sinaimg.cn/1751401422/50/5611920854/1
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B82E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B82E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B82E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tuan.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tuan.360.cn/api/se2.php?rc=%d&fromid=%d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://uninstall.feedback.360.cn/360desktopuninstall.html?ver=%s&mid=%s&safever=%s&sysver=%s&is64=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://up.soft.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://up.soft.360.cnQuickInstLog0.0.0.0/index.php?c=Upload&a=upload&pjt=quickinst&ver=%s&mid=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/instcomp.htm?soft=1101&status=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/instcomp.htm?soft=1101&status=25&change=local&mid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/instcomp.htm?soft=1101&status=25&change=self&mid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B8F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/instcomp.htm?soft=2300&status=%d%02xshell32.dllPrivateExtractIconsWuser32.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DC48000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2136893687.000000000052B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/v3/safeup_lib64.cabhttp://update.360safe.com/v3/safeup_lib.cab360trayHandl
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/zhuomian/music/SelectMusicConfig.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v.ifeng.com/include/exterior.swf?guid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.cnzz.com/c.php?id=30000496
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/Shopping.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/bagua.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/licai.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/shenghuo3.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007908000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/shipin.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/tupian.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/xitonggongju.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007908000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/yinyue.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007908000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/youxi3.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007908000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/yuedu.png
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAllCategoriesV2http://cdn.apc.360.cn/index.ph
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsByCategory&cid=%s&start=%d&count=%dhttp:/
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsByTagsFromCategory&cids=%s&start=%d&count
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsInfoByIds&ids=%s-995OpenSettingCenterDoOp
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsV3&cids=%s&start=%d&count=%dhttp://wallpa
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaperAloneRelease&a=qrcodeshow&url=%shttp://wallpaper.ap
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaperAloneRelease&a=srvhoverUpdateFinish
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cnjson_err/index.php?c=WallPaper&a=apiCrashReportbizhi.dump.360.cndump/uplo
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wan.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wan.360.cn/bbs.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wan.360.cn/bbs.htmlgame.360.cn&name=http://wan.360.cn/bbs/second.html?g=%shttp://wan.360.cnn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wan.360.cn/cs
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wan.360.cn/csgame.360.cn&name=http://wan.360.cn/bbs/second.html?g=%shttps://KeFuhttp://wan.36
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/fans
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/profile
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/profileS
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/profileSVW
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/profileSf
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/profileU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/atme
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/comments
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/messages?source=toptray
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/signup/signup.php?entry=360se
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/signup/signup.php?ps=u3&lang=zh
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/signup/signup.php?ps=u3&lang=zhU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/zt/s?k=
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://whttp://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsInfoByIds
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wpad.%s/wpad.dathttp://%s/wpad.datwpad
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B82E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEC1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2137479601.000000000326A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CAEA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628181945.0000000004190000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628668213.00000000046A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D9CC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628549546.000000000320E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DCD0000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2137640564.000000000052B000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2143562136.000000000358E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.00000000035AF000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2145548368.0000000003598000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2141532731.0000000002AE0000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000003.2135145181.000000000272E000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000013.00000003.2137062080.00000000026F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn//index.html127.0.0.1--
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/ConnectedState:%dCreateFile
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/custom/xukexieyi.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/privacy/index.htmlJoinExperiencePlan%stype=setting&action=tiyanshezhi&shezhi=%d&SO
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/shoujizhushou/index.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/sinaweibo.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/ucenter/faq.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/userexperienceimprovement.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/weishi/index.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/weishi/index.htmlres://%d/%s/%dDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayT
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/xukexieyi.html#zhuomianJ
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CAEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/yinsichengnuo.html#xiangqing23
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn4
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn;color=rgb(60
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cnMAINFRAME
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2152287783.00000000004CE000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cnPublisher360
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360safe.com360o
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/baidu?word=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/baidu?word=%us&tn=ichuner_4_pg&ie=utf-8:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/index.php?tn=ichuner_2_pg
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/s?tn=ichuner_4_pg
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/s?wd=%shttp://www.google.com.hk/search?q=%s&client=aff-os-prius&hl=zh-CN&ie=gb2
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B82E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.geotrust.com/resources/cps0(
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.go108.com.cn/openapp/360app/astrofate/result.php?iAstro=%dA3B6B07CF749024E2DB5A6DF0DF37D1
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.cn/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=javascri
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.cn/search?client=aff-worldbrowser&channel=errorpage&forid=1&ie=utf-8&oe=UTF-8&hl=z
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%s&i
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%us:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.hk/search?q=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.hk/webhp?client=aff-worldbrowser&ie=utf-8&oe=UTF-8&hl=zh-CN
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ifeng.com&fromweb=other&AutoPlay=false
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.indyproject.org/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/help-appendix-04.htmhttp://www.theworld.cn/http://www.ioage.com/cn/help.htmT
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/help-shortcut.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/help.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/index.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/plugins.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/skin.htmPA
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/thanks.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/hl/cn/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/hl/cn/browsemode.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/hl/cn/dailytips.ini$http://www.ioage.com/web/navierr.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/hl/cn/rendermode.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/frame_naverror.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/inst.htmhttp://www.ioage.com/web/uninst.htmUpgrade
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/navierrres:about:blank%s/Software
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/web_search_cn.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/welcome_cn.htm?ver=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.com/go/getflashplayer
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.meilishuo.com/users/register
Source: explorer.exe, 00000018.00000000.2202592501.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2259478320.0000000009237000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.c
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mogujie.com/register
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.planeart.cn/?p=1121
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.renren.com/md5LoginU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sogou.com/sogou?query=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.theworld.cn/client/downhttp://www.theworld.cn/client/up
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.theworld.cn/client/syncfavsorder.db%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tudou.com/v/
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll-1.2.3rbr
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllP
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DC48000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2151662607.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllincompatible
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DCD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllrbr
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.yinyuetai.com/video/player/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://you.video.sina.com.cn/api/sinawebApi/outplayrefer.php/vid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhifu.openapi.360.cnMode
Source: explorer.exe, 00000018.00000002.2269233438.000000000C114000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/00C91DA8863D472fB1873585577810F1
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/360chromeinstalltips.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/360chromeinstalltips.html$
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ShowAppPermitDlg
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/f&TCopyright
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe	String found in binary or memory: http://zhuomian.360.cn/ver2.0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000015.00000000.2171585841.0000000000579000.00000002.00000001.01000000.0000001A.sdmp, 360TopBar.exe, 00000015.00000002.2278081397.0000000000579000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0/reboot360DTSwitchBar.dllRunDLL
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0C:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0L
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0SetUnhandledExceptionFilterkernel32.dllGIF89a
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E225000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.0000000007787000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0Shell_TrayWnd
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0kernel32.dll360BoxCtrlCScrollMutliAppbox360DockBarCtrl360Desktop_CNBSug
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0kernel32.dllSetUnhandledExceptionFilteropenDTCrashReport.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0processinfo.dat
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B2EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0somkernldt.dll..
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0widthheightcallbackoncloseHWND=%lu;content=%sHWND=;content=T
Source: explorer.exe, 00000018.00000000.2210890196.000000000C00A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2268204766.000000000C00A000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cnReferertokenautologinerrno=vector
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://zhuomian.360.cnSwitchBar.xmlupdatecfg.inimodules
Source: explorer.exe, 00000018.00000000.2210890196.000000000C00A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2268204766.000000000C00A000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cnapni
Source: explorer.exe, 00000018.00000000.2196504693.0000000002CD0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: http://zhuomian.360.cnhttp://zhuomian.360.cnhttp://zhuomian.360.cn360
Source: explorer.exe, 00000018.00000000.2210890196.000000000C00A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2268204766.000000000C00A000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cnrer
Source: explorer.exe, 00000018.00000000.2210890196.000000000C00A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2268204766.000000000C00A000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cnridm8
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cnsomkernldt.dll..
Source: flashApp.exe	String found in binary or memory: https://%s/intf.php?
Source: explorer.exe, 00000018.00000002.2266357108.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2208854440.000000000BC80000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 00000018.00000002.2266357108.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2208854440.000000000BC80000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000018.00000002.2266357108.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2208854440.000000000BC80000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSA4
Source: explorer.exe, 00000018.00000002.2266357108.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2208854440.000000000BC80000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSd
Source: explorer.exe, 00000018.00000000.2198948294.000000000702D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.000000000702D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000018.00000002.2259478320.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.00000000090DA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0E948A694F8C48079B908C8EA9DDF9EA&timeOut=5000&oc
Source: explorer.exe, 00000018.00000000.2202592501.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/friendships/create.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/friendships/followers.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/friendships/show.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/statuses/friends_timeline.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/statuses/update.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/statuses/upload.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/statuses/upload.jsonaccess_token1.jpgpic
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/users/show.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/users/show.json?access_token=%s&uid=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/oauth2/U
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/oauth2/authorize?client_id=3977697501&redirect_uri=https%3A%2F%2Fconnect.360.c
Source: explorer.exe, 00000018.00000000.2202592501.00000000091FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdata.browser.360.cn/api.php?https://cdata.browser.360.cn/api.phpvtversiontype
Source: explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.que
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k-dark
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA-dark
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://connect.360.cn/index.php?U
Source: explorer.exe, 00000018.00000002.2266357108.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://feixin.10086.cn/account/register/CC_DelAccountResult
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe	String found in binary or memory: https://graph.renren.com/oauth/token
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://graph.renren.com/transfer?%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://graph.renren.com/transfer?%slogout
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i.feixin.10086.cn/https://i2.feixin.10086.cn/https://i3.feixin.10086.cn/https://i5.feixin.10
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://i2.feixin.10086.cn/api/user.json?access_token=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://i2.feixin.10086.cn/api/user.json?access_token=%shttp://api.qcloud.360.cn/intf.phperror_descr
Source: explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.ak
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1b2aMG.img
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hGNsX.img
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAT0qC2.img
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBYTL1i.img
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.sina.com.cn/sso/login.php
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openapi.360.cn/internal/get_is_user_paid.json?q=%s&t=%spaynotify.xmlpaynotify_del.xmlheadima
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openapi.360.cn/internal/get_user_by_q_t.json?%sapp_key=%s&q=%s&t=%s&type=%d&name=%sD
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openapi.360.cn/internal/get_user_by_q_t.json?%sapp_key=%s&q=%s&t=%s&type=%d&name=%shttp://cd
Source: explorer.exe, 00000018.00000002.2266357108.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passport.360.cn/api.php?parad=http://passport.360.cn/api.php?parad=&from=360deskmethod=UserI
Source: explorer.exe, 00000018.00000002.2266357108.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comer
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rm.api.weibo.com/2/remind/unread_count.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spreadsheets.google.com/http://spreadsheets.google.com/https://docs.google.com/http://docs.g
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/8/84/Zealandia-Continent_map_en.svg/1870px-Zeal
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000018.00000000.2208854440.000000000BDF5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/EM0
Source: explorer.exe, 00000018.00000002.2266357108.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com48
Source: explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-it
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-big-3-mistakes-financial-advisors-say-that-the-1
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/kinzinger-has-theory-about-who-next-house-speaker-will-be/vi
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/sports/other/predicting-what-the-pac-12-would-look-like-after-expansion-wi
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/sports/other/simone-biles-leads-u-s-women-s-team-to-seventh-straight-world
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/sports/other/washington-state-ad-asks-ncaa-for-compassion-and-understandin
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/accuweather-el-ni
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-winter-forecast-for-the-2023-2024-season/ar-AA1hGINt
Source: explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwhttp://wwwTW.2.10%d:

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe

Code function: 16_2_00404F1F GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

16_2_00404F1F

Contains functionality to record screenshots

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe

Code function: 21_2_6C733960 CreateDCW,CreateCompatibleDC,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,SelectObject,SelectObject,DeleteObject,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,DeleteDC,DeleteDC,BitBlt,PatBlt,DeleteDC,

21_2_6C733960

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Code function: 19_2_6C8CA120 CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,_memset,lstrcpynA,CryptImportKey,CryptCreateHash,CryptSetHashParam,CryptHashData,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,

19_2_6C8CA120

System Summary

Contains functionality to communicate with device drivers

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 10_2_00B6F080: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle,

10_2_00B6F080

Contains functionality to shutdown / reboot the system

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,		16_2_00403225
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,		17_2_00403225

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03D9E82F	0_3_03D9E82F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03D9E93F	0_3_03D9E93F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03D9E4A1	0_3_03D9E4A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03D9E521	0_3_03D9E521
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B84083	10_2_00B84083
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B63070	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B70190	10_2_00B70190
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B82A8E	10_2_00B82A8E
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B76A32	10_2_00B76A32
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B7EB27	10_2_00B7EB27
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B7E347	10_2_00B7E347
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B856E8	10_2_00B856E8
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B7DE72	10_2_00B7DE72
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B7B7AE	10_2_00B7B7AE
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B70FE0	10_2_00B70FE0
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B82FD2	10_2_00B82FD2
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B7E71B	10_2_00B7E71B
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B7EF47	10_2_00B7EF47
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_3_037C6B48	16_3_037C6B48
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_3_037C14F0	16_3_037C14F0
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_3_037CB0B0	16_3_037CB0B0
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_0040600A	16_2_0040600A
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_00404730	16_2_00404730
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_0379FF5F	16_2_0379FF5F
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_037A0B9B	16_2_037A0B9B
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_0379FA1B	16_2_0379FA1B
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_03791680	16_2_03791680
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_0379A845	16_2_0379A845
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_037A18FC	16_2_037A18FC
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_037A04A3	16_2_037A04A3
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_0040600A	17_2_0040600A
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_00404730	17_2_00404730
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_02F214F0	17_2_02F214F0
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_02F2B0B0	17_2_02F2B0B0
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_02F26B48	17_2_02F26B48
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CAE6D0	19_2_00CAE6D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CB1190	19_2_00CB1190
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CC1992	19_2_00CC1992
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CAE150	19_2_00CAE150
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CC1389	19_2_00CC1389
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CC1CB0	19_2_00CC1CB0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CA16A0	19_2_00CA16A0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CC0E45	19_2_00CC0E45
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CA8E70	19_2_00CA8E70
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CB6741	19_2_00CB6741
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CBD738	19_2_00CBD738
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8C1480	19_2_6C8C1480
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C934C18	19_2_6C934C18
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C92EDD9	19_2_6C92EDD9
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C92EDC0	19_2_6C92EDC0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8FEDF0	19_2_6C8FEDF0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C902EF0	19_2_6C902EF0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C908F30	19_2_6C908F30
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C906A80	19_2_6C906A80
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8D0B80	19_2_6C8D0B80
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C9365B5	19_2_6C9365B5
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C9346D4	19_2_6C9346D4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8A8610	19_2_6C8A8610
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C920630	19_2_6C920630
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C91C714	19_2_6C91C714
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8B60D0	19_2_6C8B60D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C91C2F4	19_2_6C91C2F4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8A4250	19_2_6C8A4250
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8D2390	19_2_6C8D2390
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8B63E0	19_2_6C8B63E0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8C3D80	19_2_6C8C3D80
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C931EC3	19_2_6C931EC3
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C91BEE8	19_2_6C91BEE8
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C935854	19_2_6C935854
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C929900	19_2_6C929900
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C911A50	19_2_6C911A50
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8A7BC0	19_2_6C8A7BC0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8B3BD0	19_2_6C8B3BD0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C91BB14	19_2_6C91BB14
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8D3500	19_2_6C8D3500
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C91B63F	19_2_6C91B63F
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C907080	19_2_6C907080
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C93515C	19_2_6C93515C
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C907290	19_2_6C907290
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C9173F2	19_2_6C9173F2
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_00566AA0	21_2_00566AA0
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_00575BF5	21_2_00575BF5
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_0056F7FB	21_2_0056F7FB
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C74BF00	21_2_6C74BF00
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C755E40	21_2_6C755E40
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C76BE4C	21_2_6C76BE4C
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C769F6B	21_2_6C769F6B
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C76A9F3	21_2_6C76A9F3
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C75CB92	21_2_6C75CB92
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C76A4AF	21_2_6C76A4AF
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C76B0EB	21_2_6C76B0EB
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C7672ED	21_2_6C7672ED

Found potential string decryption / allocating functions

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: String function: 03799F4C appears 34 times
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: String function: 00B76FF8 appears 42 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 00CB4094 appears 48 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C908655 appears 37 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C901210 appears 146 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C921A70 appears 50 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C921B90 appears 39 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C897530 appears 37 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C899710 appears 31 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C8A4240 appears 124 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C921B50 appears 83 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C90C28C appears 58 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: String function: 6C75A97C appears 47 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: String function: 0056A0AC appears 37 times

One or more processes crash

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4084 -s 10344

PE file contains executable resources (Code or Archives)

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Resource name: DLL type: 7-zip archive data, version 0.4
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Resource name: DLL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 213427 bytes, 1 file, at 0x2c +A "7z.dll", number 1, 12 datablocks, 0x1 compression
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Resource name: OEMDATA type: 7-zip archive data, version 0.3
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Resource name: SETUPCONFIG type: 7-zip archive data, version 0.4
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Resource name: SKIN type: 7-zip archive data, version 0.4
Source: 360mwapp.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: COM executable for DOS
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 separate I&D executable not stripped
Source: 360weibo.exe.0.dr	Static PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: Uninstall.exe.0.dr	Static PE information: Resource name: OEMDATA type: 7-zip archive data, version 0.3
Source: Uninstall.exe.0.dr	Static PE information: Resource name: SKIN type: 7-zip archive data, version 0.4

PE file contains more sections than normal

Source: 360seNotify.exe.0.dr

Static PE information: Number of sections : 12 > 10

PE file contains strange resources

Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\017TCWeiBoEditForm\016CWeiBoEditForm\013BorderStyle\007\006bsNone\007Caption\022\005'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\030TCWeiboPuzzlePicEditForm\027CWeiboPuzzlePicEditForm\013BorderStyle\007\006bsNone\007Caption\006\027CWeiboPuzzlePicEditForm\014ClientHeight\003"\001\013ClientWi'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\030TCWeiboPuzzlePicItemForm\027CWeiboPuzzlePicItemForm\013BorderStyle\007\006bsNone\007Caption\006\027CWeiboPuzzlePicItemForm\014ClientHeight\003\014\001\013ClientWi'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\027TMsgBoxClientAnchorForm\026MsgBoxClientAnchorForm\013BorderStyle\007\006bsNone\007Caption\022'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\024TRemindItemBasicForm\023RemindItemBasicForm\013BorderStyle\007\006bsNone\007Caption\006\023RemindItemBasicForm\014ClientHeight\003\027\001\013ClientWidth\003\346\001\005Color'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\024TShareImgPreviewForm\023ShareImgPreviewForm\013BorderStyle\007\006bsNone\013BorderWidth\002\001\007Caption\022\004'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\024TShareLoginBasicForm\023ShareLoginBasicForm\013BorderStyle\007\006bsNone\007Caption\006\023ShareLoginBasicForm\014ClientHeight\003\320'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\032TShareSendResultAnchorForm\031ShareSendResultAnchorForm\013BorderStyle\007\006bsNone\007Caption\006\031ShareSendResultAnchorForm\014ClientHeight\003\320'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\024TSinaSsoLoginingForm\023SinaSsoLoginingForm\013BorderStyle\007\006bsNone\007Caption\024\011'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\022TUfClientBasicForm\021UfClientBasicForm\013BorderStyle\007\006bsNone\007Caption\006\021UfClientBasicForm\014ClientHeight\003\027\001\013ClientWidth\003\262\001\005Color\004\361\366\371'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\021TUfTodayTopicForm\020UfTodayTopicForm\013BorderStyle\007\006bsNone\007Caption\022\004'

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe

Section loaded: dtunloader64.dll

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 360seNotify.exe.0.dr

Static PE information: Section: .reloc IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: classification engine

Classification label: mal51.evad.winEXE@36/924@30/7

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Code function: 19_2_6C921230 SetLastError,GetLastError,SetLastError,GetLastError,_wcsrchr,_wcsncpy,_strerror,MultiByteToWideChar,_wcsncpy,LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,FormatMessageW,_wcstok,_vswprintf_s,_wcsncpy,GetSystemTime,LocalFree,FreeLibrary,

19_2_6C921230

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe

Code function: 16_2_00404275 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

16_2_00404275

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe

Code function: 21_2_00561160 lstrlenW,_memset,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,__wcsicoll,OpenProcess,CloseHandle,GetCurrentProcess,Process32NextW,CloseHandle,CloseHandle,

21_2_00561160

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe

Code function: 16_2_00402012 CoCreateInstance,MultiByteToWideChar,

16_2_00402012

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Code function: 19_2_00CAC1E0 LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary,

19_2_00CAC1E0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File created: C:\Program Files (x86)\360

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\s[1].htm

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Mutant created: \Sessions\1\BaseNamedObjects\360DtUnInstaller
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 4584
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\360_login_account_config_lock2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 6116
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4084
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 5392
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 4656
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 3688
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 4940
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 1992
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\360Login_mapping_lock
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Mutant created: \Sessions\1\BaseNamedObjects\DT_TOPBAR_{8AB1E186-A11B-476f-B8EB-83D0A6E5009E}
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3748
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Mutant created: \Sessions\1\BaseNamedObjects\360WallPaper_By_Zhangtao
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Mutant created: \Sessions\1\BaseNamedObjects\360DtInstaller
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Mutant created: \Sessions\1\BaseNamedObjects\360desktop_appcore

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File created: C:\Users\user\AppData\Local\Temp\{40FDEBEB-AB66-4601-98EB-C4DE74916AE9}.tmp

Jump to behavior

Source: Yara match

File source: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\360seNotify.exe, type: DROPPED

Source: unknown	Process created: C:\Windows\explorer.exe
Source: unknown	Process created: C:\Windows\explorer.exe

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: cate	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: count	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: count	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: cate	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: cid	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: relate_type	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: cid	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: relate_type	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: zm_d	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: 10004	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: version	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: 1.0	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: encoding	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: UTF-8	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: standalone	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: child	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: book	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: \360Desktop	10_2_00B63070
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Command line argument: RunDLL	21_2_00561DF0

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM ' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2148345936.000000000359B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT aid , cid FROM customcategoryappmap;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2148345936.000000000359B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT aid , cid FROM customcategoryappmap_cm;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2148345936.000000000359B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT info FROM tempappinfos WHERE aid IN %s ;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2148345936.000000000359B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT info FROM appinfos WHERE aid IN %s ;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM ' \|\| quote(name) \|\| ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT aid , cid FROM customcategoryappmap_disneymode;

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe "C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe "C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe" /S
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe "C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe" /S /Pzhuomian
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe "C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe" onlyimport
Source: unknown	Process created: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe "C:\Program Files (x86)\360\360Desktop\Bin\360Topbar.exe" /autorun
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4084 -s 10344
Source: unknown	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Process created: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe StartByDesktop StartFrom=4
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe "C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe" -ReportWallPaper
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3748 -s 5128
Source: unknown	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe" /unloaddtswitcher
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe "C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe" -ReportWallPaper
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Process created: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe StartByDesktop StartFrom=4
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe "C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe" -ReportWallPaper
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe "C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe" -ReportWallPaper
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File written: C:\Program Files (x86)\360\360Desktop\updatecfg.ini

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: certificate valid

Submission file is bigger than most known malware samples

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static file information: File size 22004296 > 1048576

PE file contains a mix of data directories often seen in goodware

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

PE file contains a debug data directory

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Binary contains paths to debug symbols

Source:	Binary string: D:\360se3\trunk\extension\AppBase\wxsqlite3.7.2\bin\sqlite3.pdbNB10k source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb`` source: GBInst.exe, 00000010.00000002.2190406494.000000000040B000.00000004.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\360se3\trunk\extension\AppBase\wxsqlite3.7.2\bin\sqlite3.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\UiFeatureControlSrc\UiFeature\Src\Pdb\UiFeature360Control.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.0000000007750000.00000004.00001000.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2155392643.000000000358C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\shell360dt64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2311300071.00007FFBC1A7B000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: E:\build\360browser\src\DreamWork\TheWorld\TheWorld\TheWorld___Win32_Release_Unicode\360mwapp.pdbNB10K source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtwebframe.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\Bin\360DeskTop\Release\BizPluginCake.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb8pJ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\shell360ext.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360NetUL\bin\360NetUL.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D47D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: P:\intermoutput\3\360Login_ForDeskTop\Release\360Login.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360DesktopUi.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_2.6.0.1080_20130226\bin\360DeskTop\Release\360DesktopAssistant.pdbt source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DTNotify.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBox.pdb5 source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\SML_Shutdown_for_DT\Output\Bin\Release\RegularShutdown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD89000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360MsgPushCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopSwitch64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\7z_%209.20.0.1020_20120420_A\bin\Release\7z.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1623928497.00000000013F8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\7z_%209.20.0.1020_20120420_A\bin\Release\7z.pdbx source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1623928497.00000000013F8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Work\360se\extension2010\ExtNetIncrement\Output\ExtNetIncrement.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360DTSwitchBar.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000015.00000002.2316212434.000000006C76F000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\desktoptool.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: P:\intermoutput\3\360Login_ForDeskTop\Release\360Login.pdb\ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360ZMUDetail.pdb0` source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SetupUtilDT.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2158601528.0000000003581000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\DownDll\Release\LiveUpd360.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DC48000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2136893687.000000000052B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\bin\360DeskTop\Release\AppcenterDataGb.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2148345936.000000000359B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopSwitch.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360Wapp.pdbXp\ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlproc_1.2.8\CheckedBuildWithPDB\urlproc.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtwebbrowser.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Net_2\Release\360net.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D47D000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119766154.0000000000530000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopMenu.pdbh source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360se\360se3\trunk\extension_store\Down360seNotify\Release\NotifyDown.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360DeskTop\src\Release\360TopBar.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000015.00000000.2171585841.0000000000579000.00000002.00000001.01000000.0000001A.sdmp, 360TopBar.exe, 00000015.00000002.2278081397.0000000000579000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBoxCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2150114064.0000000003590000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\release\360wallpaper\version\360wpup.pdb source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtswitcher64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb``z source: GBInst.exe, 00000010.00000002.2193061223.00000000037A2000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360Wapp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\dtappcore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D9CC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtswitcher.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA44000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\CloudTaskCenter_naive.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D9CC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpapp.pdb source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360AppCenter.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B2EE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\BoxUI.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_1.4.0.1085_20110902\bin\360DeskTop\Release\RegSMWebProxy.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\release\360wallpaper\version\360wpup.pdbL source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360DeskTop\src\Release\UiPluginCake.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E225000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.0000000007787000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\build\onlineinstaller\Release\360Inst.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\AppUpdate.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360Apns.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360weibo.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpsrv.pdbxQJ source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\360Down\Release\LiveUpdate360.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_2.6.0.1080_20130226\bin\360DeskTop\Release\360DesktopAssistant.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360Ver.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2137479601.000000000326A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2269351092.0000000003A44000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D58F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360ZMUDetail.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\SML_Shutdown_for_DT\Output\Bin\Release\RegularShutdown.pdbP source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD89000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\DTCrashReport.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2147481812.0000000003583000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\somcore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlprocnet_1.2.4\CheckedBuildWithPDB\urlprocnet.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2054843186.0000000004250000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtfilm.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C939000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SomSoftMgrdt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\somQuickInstdt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpsrv.pdb source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360Desktop.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\svn\360desktop\branches\2.0.0.1120_201207016_B\Output\Bin\Release\SoftMgrLiteBase.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEC1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SMWebProxydt.pdbp source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DTFence.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\Release\360wallpaper\version\DTCrashReport.pdb source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\360P2SP_2\360P2SP\Release\360P2SP.pdb`` source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\onlineinstaller\Release\360Inst.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360Desktop_20120814_2.3Release_appcore\bin\360DeskTop\Release\360AppCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\flashApp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CAEA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2105505074.0000000003269000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000013.00000000.2133758601.0000000000CC4000.00000002.00000001.01000000.00000014.sdmp, flashApp.exe, 00000013.00000002.2139496463.0000000000CC4000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: E:\build\360browser\src\DreamWork\TheWorld\TheWorld\TheWorld___Win32_Release_Unicode\360mwapp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\code_svn\360SoftMgr\branches\GameMaster_1125_for_360dt\Output\Bin\Release\AppCenterCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360se\360se3\trunk\extension_store\Down360seNotify\Release\NotifyDown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360FeedBack\Release\360FeedBack.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360Login\Release\oauthlogin.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\bin\360DeskTop\Release\360GbApp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\DTQuickInstProxy.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpapp.pdbH source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopMenu.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\PDown\Release\PDown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2137640564.000000000052B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb8p source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: E:\repos\urlproc_1.2.8\CheckedBuildWithPDB\urlproc.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\Safelive\ReleaseUMinDependency\Safelive.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DDF4000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2139079044.0000000003581000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\bin\Release\MiniUI.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628181945.0000000004088000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628668213.00000000046A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1629220837.0000000001459000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2223371539.000000000B059000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\DTShutdown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA44000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SMWebProxydt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\360P2SP_2\360P2SP\Release\360P2SP.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\somkernldt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360DesktopSetup\360TopbarASS\Release\360TopbarASS.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, 360TopbarASS.exe, 0000000A.00000002.2081373618.0000000000B88000.00000002.00000001.01000000.0000000A.sdmp, 360TopbarASS.exe, 0000000A.00000000.2072888648.0000000000B88000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\UpdateTool.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D040000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb source: GBInst.exe, 00000010.00000002.2193061223.00000000037A2000.00000002.00000001.01000000.0000001C.sdmp, GBInst.exe, 00000010.00000002.2190406494.000000000040B000.00000004.00000001.01000000.0000000E.sdmp
Source:	Binary string: e:\360DeskTop_2.2.0.1070_20120618\bin\360DeskTop\Release\MsgBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DCD0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlprocnet_1.2.4\CheckedBuildWithPDB\urlprocnet.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2054843186.0000000004250000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\AppcenterData.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\360GameBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\MusicIEFrame.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\02.WINDOWS\01.MyWork\01.UiFeature\01.SvnKing\trunk\KernelVersionCompany\Bin\Release\UiFeatureKernel.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E225000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.0000000007787000.00000004.00001000.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2156205576.0000000003581000.00000004.00000020.00020000.00000000.sdmp

PE file contains a valid data directory to section mapping

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 10_2_00B8023C LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,

10_2_00B8023C

PE file contains sections with non-standard names

Source: 360Common.dll.0.dr	Static PE information: section name: history
Source: 360MsgPushCore.dll.0.dr	Static PE information: section name: .share
Source: Safelive.dll.0.dr	Static PE information: section name: .IShareO
Source: Shell360dt.dll.0.dr	Static PE information: section name: .orpc
Source: Shell360dt64.dll.0.dr	Static PE information: section name: .orpc
Source: somkernldt.dll.0.dr	Static PE information: section name: .data1
Source: urlproc.dll.0.dr	Static PE information: section name: .SHARE
Source: 360seNotify.exe.0.dr	Static PE information: section name: .didata
Source: 360seNotify.exe.0.dr	Static PE information: section name: QProtect
Source: 360weibo.exe.0.dr	Static PE information: section name: .share
Source: DTCrashReport.exe.0.dr	Static PE information: section name: .share

Registers a DLL

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03D9BBC0 pushfd ; ret	0_3_03D9BBC1
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B7703D push ecx; ret	10_2_00B77050
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B72936 push ecx; ret	10_2_00B72949
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_3_037C3AB0 push eax; ret	16_3_037C3ADE
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_03799F91 push ecx; ret	16_2_03799FA4
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_02F23AB0 push eax; ret	17_2_02F23ADE
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CB40D9 push ecx; ret	19_2_00CB40EC
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C90C9A6 push ecx; ret	19_2_6C90C9B9
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C90C2D1 push ecx; ret	19_2_6C90C2E4
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_0056A846 push ecx; ret	21_2_0056A859
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_0056A0F1 push ecx; ret	21_2_0056A104
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_005649B0 push ecx; mov dword ptr [esp], 00000000h	21_2_005649B1
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C753DA0 push ecx; mov dword ptr [esp], 00000000h	21_2_6C753DA1
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C75A9C1 push ecx; ret	21_2_6C75A9D4

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d	10_2_00B6F080
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d	10_2_00B6F440
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	10_2_00B6F5D0
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	17_2_02F22480
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle,CloseHandle, \\.\PhysicalDrive%d	17_2_02F21F40
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	17_2_02F22300
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d	19_2_6C91F8D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	19_2_6C91FA60
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d	19_2_6C91F510
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: RegQueryValueExW,_malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	21_2_00566360
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	21_2_005663C9
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	21_2_6C755769
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: RegQueryValueExW,_malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	21_2_6C755700

Drops PE files

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360AppCenter.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\safelive.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\BoxUI.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\modules\360wpappInstaller_zhuomian.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\PDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\MusicIEFrame.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\Temp\nsy5A2C.tmp\NSISdl.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\360Login.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360verify.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeatureKernel.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\UpdateTool.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360wapp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\7z.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\DTCrashReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\ImportFavHelper.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\Temp\nsy5A2C.tmp\SetupHelperGB.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\DTShutdown.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360Login.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\Shell360dt64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Roaming\360Notify\Bin\360seNotify.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360Common.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtswitcher.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtwebframe.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DesktopAssistant.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\360net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DesktopUi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DTSwitchBar.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\modules\GBInst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtfilm.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\360seNotify.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\PDown.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\LiveUpdate360.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\gamebox\AppcenterDataGb.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360NetUL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\LiveUpdate360.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360AppCenter.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\360P2SP.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Local\Temp\nsj5B55.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\oauthlogin.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Roaming\360Notify\Bin\ExtNetIncrement.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Roaming\360Notify\Bin\360weibo.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\desktoptool.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360dtpreview.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\somcoredt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\NotifyDown.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\360GameBox.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtwebbrowser.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\GameBox.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\SoftMgrLiteBase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopAssistant.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtswitcher64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DTFence.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\CatchScreenTray.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\360NetUL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\gamebox\360GbApp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360Desktop.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\AppcenterDataGb.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\DumpReport.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\BoxUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DTNotify.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360mwapp\360mwapp.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtappcore.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\GameBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\sqlite3.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\LiveUpd360.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\360GbApp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtwebframe.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtswitcher64.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\SetupUtilDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360dtpreview.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Local\Temp\nsj5B55.tmp\NSISdl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Local\Temp\{01A5D3C5-BC2A-47d0-BECF-4CB678821F9E}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360MsgPushCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360Login.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360NetUL.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\360seNotify.rs	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\GameBoxCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\CloudTaskCenter_naive.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\AppcenterData.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtappcore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360AppCore.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\somkernldt.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\360verify.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\360verify.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DesktopSwitch64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\UpdateTool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\gamebox\360GameBox.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\img_reader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\AppCenterCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360FeedBack.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\AppUpdate.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\gamebox\GameBoxCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\gamebox\GameBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\DTCrashReport.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DesktopMenu.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\CloudTaskCenter_naive.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Local\Temp\nsj5B55.tmp\Registry.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\SMWebProxydt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\RegSMWebProxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360mwapp\360mwapp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Local\Temp\{FFB457B7-D39B-4777-A970-75B9F9B81322}.tmp\MiniUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360Desktop.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\RegSMWebProxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360verify.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\PDown.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\LiveUpd360.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\BizPluginCake.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\flashApp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\DTShutdown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\ImportFavHelper.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\MiniUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360ZMUDetail.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\AppcenterData.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\safemon\urlproc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\MsgBox.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtswitcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DTFence.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\oauthlogin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\DTCrashReport.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Roaming\360Notify\Bin\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\modules\360TopbarASS.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeature360Control.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Local\Temp\{32DE70BA-1395-4dff-A45D-DE76DE00B289}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\DumpReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\SomSoftMgrdt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtwebbrowser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360ZMUDetail.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\UiFeatureKernel.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Local\Temp\nsj5B55.tmp\360verify.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DTSwitchBar.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\AppcenterDataGb.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\UiFeature360Control.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\GameBoxCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtfilm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\AppCenterCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360MsgPushCore.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\360wpup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360TopBar.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\DTCrashReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\360weibo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360wapp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Local\Temp\{786DF1B6-83F7-43fe-8CAF-75FCED58443B}.tmp\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\AppUpdate.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\DTQuickInstProxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\MsgBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\DTQuickInstProxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\somcoredt.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\Temp\nsy5A2C.tmp\registry.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\360GameBox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopUi.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\safemon\urlprocnet.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\LiveUpd360.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\SetupUtilDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DesktopSwitch.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DTNotify.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\Shell360dt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\modules\360Inst.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\somQuickInstdt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\ExtNetIncrement.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\RegularShutdown.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\360GbApp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360P2SP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360net.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360Ver.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360P2SP.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\oauthlogin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\MusicIEFrame.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360FeedBack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\desktoptool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\SetupUtilDT.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\BizPluginCake.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\img_reader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360Apns.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Safelive.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\CatchScreenTray.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\Temp\nsy5A2C.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\img_reader.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\modules\360Inst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\UiPluginCake.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Roaming\360Notify\Bin\360seNotify.rs (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360Ver.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\somkernldt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360Apns.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File created: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\360seNotify.rs

Jump to dropped file

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe

Code function: 21_2_6C747820 _memset,SHGetFolderPathW,PathAppendW,PathAppendW,PathAppendW,PathFileExistsW,PathFileExistsW,_memset,GetPrivateProfileStringW,PathFileExistsW,DeleteFileW,ShellExecuteW,

21_2_6C747820

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d	10_2_00B6F080
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d	10_2_00B6F440
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	10_2_00B6F5D0
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	17_2_02F22480
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle,CloseHandle, \\.\PhysicalDrive%d	17_2_02F21F40
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	17_2_02F22300
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d	19_2_6C91F8D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	19_2_6C91FA60
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d	19_2_6C91F510
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: RegQueryValueExW,_malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	21_2_00566360
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	21_2_005663C9
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	21_2_6C755769
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: RegQueryValueExW,_malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	21_2_6C755700

Creates an undocumented autostart registry key

Source: C:\Windows\System32\regsvr32.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\360DesktopExt NULL
Source: C:\Windows\System32\regsvr32.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\360DesktopExt NULL

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe

Window searched: window name: Progman

Hooking and other Techniques for Hiding and Protection

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8EC240 InvalidateRect,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,	19_2_6C8EC240
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8EC240 InvalidateRect,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,	19_2_6C8EC240
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8EB0D0 InvalidateRect,SetWindowPos,SetWindowPos,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,	19_2_6C8EB0D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8EB0D0 InvalidateRect,SetWindowPos,SetWindowPos,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,	19_2_6C8EB0D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C8EB320 IsWindow,IsWindowVisible,IsWindow,IsWindowVisible,IsWindow,IsWindowVisible,IsWindow,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,	19_2_6C8EB320

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Code function: 19_2_6C924040 LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetLastError,

19_2_6C924040

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe PID: 6116, type: MEMORYSTR

Query firmware table information (likely to detect VMs)

Source: C:\Windows\explorer.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\explorer.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SBIECTRL.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MSNIFFER.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\SBIECTRL.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WINDBG.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FIDDLER.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: EHSNIFFER.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\WIRESHARK.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\FIDDLER.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VSNIFFER.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE

Contains capabilities to detect virtual machines

Source: C:\Windows\explorer.exe

File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\explorer.exe

Window / User API: foregroundWindowGot 388

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\DTCrashReport.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360bizhi\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360AppCenter.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\CloudTaskCenter_naive.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\safelive.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\RegSMWebProxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\BoxUI.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\MusicIEFrame.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\PDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360mwapp\360mwapp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{FFB457B7-D39B-4777-A970-75B9F9B81322}.tmp\MiniUI.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeatureKernel.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\UpdateTool.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360wapp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360Desktop.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\RegSMWebProxy.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\PDown.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360bizhi\Uninstall.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\DTCrashReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\ImportFavHelper.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\LiveUpd360.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\DTShutdown.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\BizPluginCake.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\DTShutdown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360Notify\Bin\360seNotify.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\ImportFavHelper.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\360Common.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\MiniUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360ZMUDetail.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\safemon\urlproc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtwebframe.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtswitcher.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\AppcenterData.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\MsgBox.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DesktopAssistant.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\360net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtswitcher.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\oauthlogin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360DTFence.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\DTCrashReport.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360Notify\Bin\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DesktopUi.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeature360Control.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{32DE70BA-1395-4dff-A45D-DE76DE00B289}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\DumpReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\SomSoftMgrdt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtwebbrowser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360ZMUDetail.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\UiFeatureKernel.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\360seNotify.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtfilm.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\PDown.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\AppcenterDataGb.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\LiveUpdate360.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\gamebox\AppcenterDataGb.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360AppCenter.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\LiveUpdate360.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\GameBoxCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\UiFeature360Control.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtfilm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\AppCenterCore.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360bizhi\360wpup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\360P2SP.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360bizhi\DTCrashReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\360weibo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360wapp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360Notify\Bin\ExtNetIncrement.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\oauthlogin.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{786DF1B6-83F7-43fe-8CAF-75FCED58443B}.tmp\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\AppUpdate.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\desktoptool.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360Notify\Bin\360weibo.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360dtpreview.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\DTQuickInstProxy.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\somcoredt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\NotifyDown.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\DTQuickInstProxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\MsgBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\somcoredt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\360GameBox.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\360GameBox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtwebbrowser.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\GameBox.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\SoftMgrLiteBase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopAssistant.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtswitcher64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\CatchScreenTray.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DTFence.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopUi.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\gamebox\360GbApp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\safemon\urlprocnet.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360Desktop.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\AppcenterDataGb.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\LiveUpd360.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\DumpReport.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\BoxUI.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\SetupUtilDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DesktopSwitch.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360DTNotify.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\Shell360dt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\modules\360Inst.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360DTNotify.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\somQuickInstdt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360mwapp\360mwapp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\ExtNetIncrement.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtappcore.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\GameBox.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\LiveUpd360.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\RegularShutdown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\360GbApp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtwebframe.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtswitcher64.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\360GbApp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\SetupUtilDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360P2SP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\360Ver.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\360net.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\360dtpreview.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\360P2SP.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\oauthlogin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\MusicIEFrame.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360FeedBack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\desktoptool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\SetupUtilDT.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\BizPluginCake.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\img_reader.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\_appdata_\360Notify\Bin\360seNotify.rs	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360Apns.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\GameBoxCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Safelive.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\CloudTaskCenter_naive.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\AppcenterData.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\dtappcore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360AppCore.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\CatchScreenTray.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\img_reader.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\somkernldt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\modules\360Inst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\UiPluginCake.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\UpdateTool.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\img_reader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\gamebox\360GameBox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\AppCenterCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360FeedBack.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360Notify\Bin\360seNotify.rs (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\360Ver.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\AppUpdate.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\somkernldt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\gamebox\GameBoxCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\gamebox\GameBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{9B58E929-A6F0-4dc9-BD76-266767E35DAA}.tmp\Bin\360Apns.dll	Jump to dropped file

Found evaded block containing many API calls

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Evaded block: after key decision

Found evasive API chain (may stop execution after checking a module file name)

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep	graph_10-17268
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess	graph_16-11671
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep	graph_16-11286

Found large amount of non-executed APIs

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

API coverage: 4.0 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe TID: 1304

Thread sleep count: 40 > 30

Queries disk information (often used to detect virtual machines)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	16_2_00405368
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_00405D3A FindFirstFileA,FindClose,	16_2_00405D3A
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_00402630 FindFirstFileA,	16_2_00402630
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	17_2_00405368
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_00405D3A FindFirstFileA,FindClose,	17_2_00405D3A
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_00402630 FindFirstFileA,	17_2_00402630
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C89EF80 _memset,_memset,PathAddBackslashW,FindFirstFileW,_memset,PathAddBackslashW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,	19_2_6C89EF80

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe

21_2_6C74BF00

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QemuManager.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "Qemu Manager 6.0\Qemu Manager.lnk
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1923918855.0000000001474000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: explorer.exe, 00000018.00000000.2202592501.0000000009330000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}F
Source: GBInst.exe, 00000010.00000003.2137176515.0000000000513000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmware.exe
Source: GBInst.exe, 00000010.00000003.2138893350.0000000000513000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1M735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000018.00000002.2251608857.0000000000A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00=
Source: explorer.exe, 00000018.00000000.2202592501.0000000009255000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000018.00000000.2202592501.00000000091FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Qemu Manager 6.0\Qemu Manager.lnk
Source: explorer.exe, 00000018.00000002.2259478320.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.00000000090DA000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: GSoftware\Microsoft\Windows\CurrentVersion\Uninstall\VMware_Workstation
Source: GBInst.exe, 00000010.00000002.2190699098.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000003.2149470826.000000000051E000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000003.2141250973.000000000051A000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000003.2149513732.000000000051F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 0000001A.00000003.2280017915.0000000004201000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: E#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 360TopbarASS.exe, 0000000A.00000002.2080970323.000000000083E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllyy
Source: explorer.exe, 00000018.00000000.2202592501.000000000928B000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: explorer.exe, 00000018.00000002.2259478320.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.00000000090DA000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWystem32\DriverStore\en\volume.inf_loc
Source: 360TopBar.exe, 00000015.00000002.2280681135.00000000013EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllk>Ui
Source: explorer.exe, 00000018.00000002.2251608857.0000000000A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: BSoftware\Microsoft\Windows\CurrentVersion\Uninstall\VMware_Player
Source: explorer.exe, 00000018.00000000.2202592501.000000000928B000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTcaVMWare
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware\VMware Workstation.lnk
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware\VMware Player.lnk
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Software\Microsoft\Windows\CurrentVersion\Uninstall\VMware_Workstation
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Software\Microsoft\Windows\CurrentVersion\Uninstall\VMware_Player
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QEMU Manager
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Player
Source: explorer.exe, 00000018.00000002.2251608857.0000000000A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Workstation
Source: explorer.exe, 00000018.00000000.2202592501.0000000009330000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000018.00000002.2251608857.0000000000A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	API call chain: ExitProcess graph end node	graph_16-10916
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	API call chain: ExitProcess graph end node	graph_16-11673
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	API call chain: ExitProcess graph end node	graph_17-10397
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	API call chain: ExitProcess graph end node	graph_17-11200
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	API call chain: ExitProcess graph end node
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	API call chain: ExitProcess graph end node
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	API call chain: ExitProcess graph end node
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks if the current process is being debugged

Source: C:\Windows\explorer.exe	Process queried: DebugPort
Source: C:\Windows\explorer.exe	Process queried: DebugPort

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 10_2_00B711FB _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

10_2_00B711FB

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Code function: 19_2_6C926530 GetCurrentThreadId,OpenThread,GetProcessHeap,OpenThread,GetLastError,GetProcessHeap,HeapFree,OutputDebugStringW,CloseHandle,

19_2_6C926530

Contains functionality to dynamically determine API calls

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

10_2_00B8023C

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 10_2_00B84593 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

10_2_00B84593

Enables debug privileges

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B711FB _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00B711FB
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B7294A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_00B7294A
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B6EBA1 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_00B6EBA1
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B70D52 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00B70D52
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 10_2_00B7BEE8 SetUnhandledExceptionFilter,	10_2_00B7BEE8
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_0379579A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_0379579A
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_037965B2 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_037965B2
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 16_2_0379CD95 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_0379CD95
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_02F2965D SetUnhandledExceptionFilter,	17_2_02F2965D
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 17_2_02F2964B SetUnhandledExceptionFilter,	17_2_02F2964B
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CB1970 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_00CB1970
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CBC2F2 SetUnhandledExceptionFilter,	19_2_00CBC2F2
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CB1318 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_00CB1318
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_00CB46DB __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_00CB46DB
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C90CC8B __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_6C90CC8B
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C908D36 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_6C908D36
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 19_2_6C908660 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_6C908660
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_00561C00 lstrlenW,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,Sleep,CreateMutexW,GetLastError,SetUnhandledExceptionFilter,__set_invalid_parameter_handler,	21_2_00561C00
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_0056997E _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_0056997E
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_00569241 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_00569241
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_00573F44 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_00573F44
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_0056E715 SetUnhandledExceptionFilter,	21_2_0056E715
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C762B5A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_6C762B5A
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C7584BD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_6C7584BD
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 21_2_6C758537 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_6C758537

HIPS / PFW / Operating System Protection Evasion

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: lstrlenW,_memset,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,__wcsicoll,OpenProcess,CloseHandle,GetCurrentProcess,Process32NextW,CloseHandle,CloseHandle, explorer.exe	21_2_00561160
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: lstrlenW,_memset,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,__wcsicoll,OpenProcess,CloseHandle,GetCurrentProcess,Process32NextW,CloseHandle,CloseHandle, explorer.exe	21_2_00561160
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: lstrlenW,_memset,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,__wcsicoll,OpenProcess,CloseHandle,GetCurrentProcess,Process32NextW,CloseHandle,CloseHandle, explorer.exe	21_2_00561160
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: __wcsicoll,OpenProcess,CloseHandle,GetCurrentProcess,Process32NextW,CloseHandle, explorer.exe	21_2_00561209

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe "C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe" -ReportWallPaper
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe "C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe" -ReportWallPaper
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe

Code function: 21_2_00561720 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

21_2_00561720

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /AddApp=%dProgmanWorkerW360DesktopFullScreenWndClass360DockBarCtrl\RegSMWebProxy.exe\360Desktopwait_for_fullscreen_show
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ANtCreateUserProcessntdll.dllNtCreateProcessExAppCenterData.dllCreateAppCenterIPCMgrC:..."%s" %sProgmanSHELLDLL_DefViewWorkerWdt_webapp_browser_.lnkExplorerRunFiles (x86)%s\360gameusers%s\360Desktop%s\360desktop.ini%s\360GBsc.ini%s\360Dtsc.ini%s\Skin%s\MiniAppdata.xdb%s\UpgradeData.xdb%s\Config.ini%s\webapps.ini%s\Config.Xdb%s\Config.nxdb%s\HandlerDelFlag.ini%s\SoftMgr.db%s\SoftMgrCfg.db%s\DtUpdateConfig.ini%s\AppDataStorage.db%s\updateapptips.ini%s\SCDUP%s\import.fg%s\AppSCProc.ini#RELATIVE_PATH#%s\360Desktop\Image\Icon\Common\%s\InnerWeb\%s\clientsoftIDs.tmp%s\pushrecord.ini%s\w360_Weather.ini%s\Temp\%s\AdvMsg.xml%s\DtWebMailHost.nxdb%s\AdvMsgRecord.ini%s\schedule.ini%s\ChildeMode\%s\PswImg%s\DisneyMode\%s\Sound%s\360GameCenter.exe360GameBox.exe360GbApp.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628181945.0000000004088000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628668213.00000000046A8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_traywndP
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E225000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.0000000007787000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: http://zhuomian.360.cn/ver2.0Shell_TrayWnd\Welcome UiFeatureUiFeatureWindowUI_FEATURE_%08X%04X%04X%02X%02X%02X%02X%02X%02X%02X%02Xfeaturewindowparaminvalid map/set<T> iteratormap/set<T> too long
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndXMenuDragREBAR_GRIPStatusBarFFindBarFTabBarFPlugInBarFMiniBarFFavoriteBarFMenuBarFSearchBarFTabBarPlugInBarMiniBarMenuBarSearchBarStyleSideBarCurSelComboBoxBG_ADDRESSAdressLeftPadAdressRightPadBG_ADDRESSEDITAddressCYAddressBarMainCYBottomCornerMultiTabBrowser-Embedding%s:%sGlobalUserOfflineSoftware\Microsoft\Windows\CurrentVersion\Internet Settingshttp://www.ioage.com/cn/help-appendix-04.htmhttp://www.theworld.cn/http://www.ioage.com/cn/help.htmTWFORM.HTMStatusPluginKeyhttp://www.ioage.com/cn/guide/guide_start.htmhttp://www.ioage.com/wzhttp://bbs.ioage.comhtm400%200%150%130%50%70%30%%s&guid=%s&lastver=%s2.1.2.22.1.2.42.1.0.22.0.5.12.0.3.42.3.0.72.3.0.8Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN2.2.1.02.2.1.22.2.1.4ICON_ADD_FAVORITEStatusCYXFrame_Wnd-setupopenNAVIERR.HTM125%TheWorld.icotw:confhttp://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%s&ie=utf-8http://www.google.com.hk/search?q=&tn=ichunertn=baidu.com/baidu?baidu.com/shttps:http:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2158601528.0000000003581000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ProgmanSHELLDLL_DefViewWorkerWWinsta0\default" AdvApi32CreateProcessWithTokenWexplorer.exe360GameBox.exe360GbApp.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Desktop.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360GameBox.exe..\Uninstall.exe/SopenBin\360Desktop.exe..\360gamebox.exe/INSTALL/UNINSTALL/UNINSTFromSP/LowRunDeskTop/LowRunGameBox/ClearGBAppZip/SetLocalTime_vector<T> too longsomkernldt.dll..\somkernl.dllSomPluginbad allocation~{
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JvR0kFstd::stringSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360GameBox.exeAppcenterData.dllCreateAppCenterDataInterface.fbak\MiniAppdata.xdb-journal%%%ProgMan..\360appcenter.exe-from 360desktop_new -startup 360loopwallpaper.exeWallPaper\wallpaper.swf WallPaper\wallpaper_cm.swf HideSuspWndUtil::APP::RunFlashApp() -enDesktopMode=%d -pszSwfPath=%sright_menu_wallpaper-swf "%s" -new %d -ver %d -from 360desktop_new -startup flashapp.exe%s StartByDesktopGloUtil::GetDownloadMgr()->CallFlashApp() -bRet=%dWALLPAPER\WALLPAPAER_NEW_TOTALCOUNTWALLPAPER\WALLPAPER_NOW_TOTALCOUNT%s%d\360kantu.exe360safe.exe360chrome.exe360se.exeabout:blank\SoftMgr\SoftManager.exehttp://www.360.cnMAINFRAME\HWND360Desktop\first_run_flag
Source: explorer.exe, 00000018.00000000.2195779388.0000000001091000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: 0Program Manager
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ech.txtShell_TrayWndReBarWindow32pastelinkpaste360desktop DropEffectcopycut%s\%s - oR,g%s%s\%s - oR,g (%d)%s360DestopNetDiskClipBoardKeyskin\deskmirror.uizDrawShadowTextLastResulotionycomctl32.dllx
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA9D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ccsUTF-8UTF-16LEUNICODEe+0001#QNAN1#INF1#IND1#SNAN\Fonts\msyh.ttfWorkerWProgmanSHELLDLL_DefView360DesktopFullScreenWndClass360DockBarCtrlFolderViewSysListView32Shell_TrayWndReBarWindow32_360DesktopSwitcherControlWnd_MsgOnly__360DesktopSwitcherControlWnd_MsgOnly_Wnd360DirectUICls_SwitchBar360DirectUICls360Desktop\ExecuteProFile.tmpfilepathexecuteparams
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: IcustomUrl360Desktop\Image\Icon\Common\customUrl.png360Desktop\Image\Icon\Common\customUrl_64.png360Desktop\Image\Icon\Common\customUrl_72.pngdefAppIcon360Desktop\Image\Icon\Common\Default_48.png360Desktop\Image\Icon\Common\Default_64.png360Desktop\Image\Icon\Common\Default_72.pngappMask360Desktop\Image\Icon\Common\DefaultMask_48.png360Desktop\Image\Icon\Common\DefaultMask_64.png360Desktop\Image\Icon\Common\DefaultMask_72.png\UserChoice\ProgidHKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\HKCU\Software\Classes\HKCR\\shell\\command\httpSoftware\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE.lnk..\AppSCProc.iniExplorerRunFilesWorkerWSHELLDLL_DefViewFolderViewProgmanInternet Explorer_ServerGetNativeSystemInfo360DesktopSwitch64.exe360DesktopSwitch.exe"%s" %s360Desktop\ExecuteProFile.tmpfilepathexecuteparamsh
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C873000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Anametext360Desktop\Xml\Tools\DesktopToolAppCenterData.dllCreateAppCenterIPCMgrC:...HibernateEnabledSYSTEM\CurrentControlSet\Control\PowerHeuristicsSYSTEM\CurrentControlSet\Control\Session Manager\Powerpowercfg.exe-h on-h off"%s" %s?dir?RES.exe.ICO.imeProgmanWorkerWHARDWARE\DESCRIPTION\System\CentralProcessor\0~MHzAMD4
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: A..\C:/.dllProgmanWorkerWSeDebugPrivilegeListBkListSelBkDropBtnITEMcmdIdselectedImagesrcColorvalueBG_blockBG_imgBtn_blockBtn_imgBtn_heightTabBtnmsctls_hotkey32t
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BA37000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Fidinfoexec..params.lnk..\AppSCProc.iniExplorerRunFilesWorkerWSHELLDLL_DefViewFolderViewSysListView32ProgmanInternet Explorer_ServerGetNativeSystemInfokernel32.dll360DesktopSwitch64.exe360DesktopSwitch.exe"%s" %s360Desktop\ExecuteProFile.tmpfilepathexecute=at /t %s /w %scid /C %sins /d "%s"acc /id %spa /p %sopent\config.iniimagetextmidJumpToLoginUrl("%s");__login__logout@*Wp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WorkerWProgmanSHELLDLL_DefViewFolderViewSysListView32skin\images\topbar%s %s360Desktop.exe/fromtopbar /entertainment/fromtopbar /fence360DesktopFullScreenWndClassPathSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360wpapp.exe\360wpsrv.exe\360wpapp.exeStartByDesktop StartFrom=4360WallPaperCtrlCls/pid=360zhuomian..\360yunpan\360WangPan.exe360AppCore.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Safe.exeSoftMgr\360AppCore.exe360desktop_appcore"%s"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Desktop.exe\Bin\AppCenterData.dllCreateAppCenterIPCMgr/fromtopbar /opensetting/fromtopbar /checkupdateURL="%s"explorer.exe\..\360Desktop.exe%d.%d.%d.%d/fromtopbar %s360Lhb
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B82E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AWorkerWProgman360DesktopFullScreenWndClass360DirectUICls360DirectUICls_SwitchBarSOFTWARE\360Desktop\safemon360Preview840F77CA-2872-4366-B665-ED3F37205588GetMiniUIMiniUI.dllCreate360FireWareStateFunction2GetFireWallStateCreate360FireWareStateFunctionGet360ProductHistoryManagerGet360CommonInstance360Common.dll
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndSV
Source: explorer.exe, 00000018.00000002.2259478320.000000000936E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.000000000936E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256289073.00000000044D0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: 360TopBar.exe, explorer.exe, 00000018.00000000.2195306682.0000000000A20000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2251608857.0000000000A20000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2195779388.0000000001091000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunCONOUT$SunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecDllRegisterServer360DesktopFullScreenWndClassWorkerWProgmanparam.iniparaminfo/sharewallpaperSMWebProxydt.dll/i /s "%s"Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70425897-213B-4a9a-943B-2EEFB2124E35}\iexploreFlagsSoftware\Microsoft\Windows\CurrentVersion\Ext\Stats\{70425897-213B-4a9a-943B-2EEFB2124E35}\iexplore\AllowedDomainsSoftware\Microsoft\Windows\CurrentVersion\Ext\Stats\{70425897-213B-4a9a-943B-2EEFB2124E35}\iexplore\AllowedDomains\*Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70425897-213B-4a9a-943B-2EEFB2124E35}\360Notify\BinAppPath360seNotify.exeAppNamePolicySoftware\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70425897-213B-4a9a-943B-2EEFB2124E36}360Desktop.exeSoftware\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70425897-213B-4a9a-943B-2EEFB2124E37}RegSMWebProxy.exeShareWallPaper360DockBarCtrl360DesktopMainWndForMsgwait_for_fullscreen_show360
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunGetProcessWindowStationGetUserObjectInformationAGetLastActivePopupGetActiveWindowMessageBoxAUSER32.DLLSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecCONOUT$TaskbarCreatedGetNativeSystemInfokernel32.dll360DesktopSwitch64.exe"%s" %sSHELLDLL_DefViewWorkerWProgman360DesktopFullScreenWndClass360DockBarCtrlFolderViewSysListView32Shell_TrayWndReBarWindow32StopInExplorerdtswitcher64.dlldtswitcher.dllStartInExplorer/desktopwnd=/unloaddtswitcherdtunloader64.dlldtunloader.dllUnLoadDtSwitchModule/undock/lockscreen/levelscreenSingle360DesktopSwitchMutex
Source: explorer.exe, 0000001A.00000003.2274913938.0000000004255000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2268532283.0000000004255000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2284366760.0000000004255000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndsOJ
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunGetProcessWindowStationGetUserObjectInformationAGetLastActivePopupGetActiveWindowMessageBoxAUSER32.DLLSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecCONOUT$TaskbarCreatedGetNativeSystemInfokernel32.dllSHELLDLL_DefViewWorkerWProgman360DesktopFullScreenWndClass360DockBarCtrlFolderViewSysListView32Shell_TrayWndReBarWindow32StopInExplorerdtswitcher64.dlldtswitcher.dllStartInExplorer/desktopwnd=/unloaddtswitcherdtunloader64.dlldtunloader.dllUnLoadDtSwitchModule/undock/lockscreen/levelscreenSingle360DesktopSwitchMutexx
Source: 360TopBar.exe, 00000015.00000002.2316212434.000000006C76F000.00000002.00000001.01000000.0000001F.sdmp	Binary or memory string: tlWorkerWProgmanSHELLDLL_DefViewFolderViewSysListView32skin\images\topbar%s %s360Desktop.exe/fromtopbar /entertainment/fromtopbar /fence360DesktopFullScreenWndClassPathSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360wpapp.exe\360wpsrv.exe\360wpapp.exeStartByDesktop StartFrom=4360WallPaperCtrlCls/pid=360zhuomian..\360yunpan\360WangPan.exe360AppCore.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Safe.exeSoftMgr\360AppCore.exe360desktop_appcore"%s"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Desktop.exe\Bin\AppCenterData.dllCreateAppCenterIPCMgr/fromtopbar /opensetting/fromtopbar /checkupdateURL="%s"explorer.exe\..\360Desktop.exe%d.%d.%d.%d/fromtopbar %s360Lhb
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Aidinfoopenexec..params.lnk..\AppSCProc.iniExplorerRunFilesWorkerWSHELLDLL_DefViewFolderViewSysListView32ProgmanInternet Explorer_ServerGetNativeSystemInfokernel32.dll360DesktopSwitch64.exe360DesktopSwitch.exe"%s" %s360Desktop\ExecuteProFile.tmpfilepathexecute\|=at /t %s /w %scid /C %sins /d "%s"acc /id %spa /p %st\config.iniSoftMgr\360AppCore.exe360AppCore.exedtappcore.dll360desktop_appcore360dt_ipc_dwmem_name,
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %s\%u_%sNONeedCopySCNOForbidSCShell_TrayWndReBarWindow32360Desktop.exe Push SysListView Window success, %d %d %d %d
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QueryFullProcessImageNameWKernel32.dll.jfif.jpe.jpeg.jpghideSkintrayTipsDISPLAYWorkerWProgman360DirectUICls360DirectUICls_SwitchBarSHELLDLL_DefViewSysListView32FolderViewTipsLastActiveDaybActived360WallpaperMsgWndClass@360DesktopFullScreenWndClasstooltips_class32
Source: explorer.exe, 00000018.00000000.2195779388.0000000001091000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: {:g{21EC2020-3AEA-1069-A2DD-08002B30309D}{208D2C60-3AEA-1069-A2D7-08002B30309D}{450D8FBA-AD25-11D0-98A8-0800361B1103}{871C5380-42A0-1069-A2EA-08002B30309D}{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}{645FF040-5081-101B-9F08-00AA002F954E}{59031a47-3f72-44a7-89c5-5595fe6b30ee}{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}{20D04FE0-3AEA-1069-A2D8-08002B30309D}Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenuSoftware\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanelDefaultIconSoftware\Microsoft\Windows\CurrentVersion\Explorer\CLSID%s\%s\%sSoftware\Microsoft\Windows\CurrentVersion\ThemesSoftware\Microsoft\Windows\CurrentVersion\ThemeManagerProgram Manager
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ProgmanWorkerW360DTFence
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DA44000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: GAIsProcessorFeaturePresentKERNEL321#QNAN1#INF1#IND1#SNAN\Fonts\msyh.ttfWorkerWProgmanSHELLDLL_DefView360DesktopFullScreenWndClass360DockBarCtrlFolderViewSysListView32Shell_TrayWndReBarWindow32_360DesktopSwitcherControlWnd_MsgOnly__360DesktopSwitcherControlWnd_MsgOnly_Wnd360DirectUICls_SwitchBar360DirectUICls360Desktop\ExecuteProFile.tmpfilepathexecuteparams
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D3C7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: popupmsgtypesubtypepopuppospopupcontentmsgflagitemidpubtimeapp_idcontent_htmlnotify_typeopen_urlico_urlbutton_textmsgflagrealtimeapp_msg_tips_enableapp_msg_tips_pos_xapp_msg_tips_pos_yWorkerWSHELLDLL_DefViewFolderViewSysListView32Progmandurl=360DesktopChildrenWndClass360DesktopModeWndClass360DesktopDisneyWndClass360DesktopFullScreenWndClasstaskmgr.exeexplorer.exeKernel32.dllQueryFullProcessImageNameW\\.\360SelfProtection360WebIdentify.dllGetWebIdentifyStatePath\netmon360DesktopNewFreshmanWndSingleClass{96FBB367-DA91-4583-B77E-51610A64F02C}true360AppCoreAppCore_IsGameModed
Source: explorer.exe, 00000018.00000002.2259478320.000000000936E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2202592501.000000000936E000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd]1Q

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 10_2_00B6FBF0 cpuid

10_2_00B6FBF0

Contains functionality to query locales information (e.g. system language)

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	10_2_00B7D8D7
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,	10_2_00B828DE
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	10_2_00B7D83F
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,	10_2_00B7D07C
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,	10_2_00B82912
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	10_2_00B7D94B
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,	10_2_00B7D2D4
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	10_2_00B7CA0E
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	10_2_00B82A51
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	10_2_00B7DBDE
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	10_2_00B7DB1D
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoA,	10_2_00B754BB
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,	10_2_00B7DC81
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,	10_2_00B8443A
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,	10_2_00B7B425
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	10_2_00B7DC45
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoA,	10_2_00B7F730
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,	10_2_00B73F26
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,	10_2_00B7D728
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: GetLocaleInfoA,	16_2_0379C604
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoA,	19_2_00CBDE87
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoA,	19_2_6C91CCBF
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,	19_2_6C91AEF5
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,	19_2_6C91A84C
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,	19_2_6C91AAA4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,	19_2_6C91EB2B
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	19_2_6C91A1DE
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,	19_2_6C90E24A
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,	19_2_6C9103A4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	19_2_6C91B412
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,	19_2_6C91B44E
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	19_2_6C91B0A4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	19_2_6C91B00C
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,	19_2_6C91D1EC
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	19_2_6C91B118
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	19_2_6C91B2EA
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA,	19_2_6C91D220
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	19_2_6C91B3AB
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	19_2_6C91D35F
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: GetLocaleInfoA,	21_2_00574505
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: GetLocaleInfoA,	21_2_6C7666AA

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\switchtab_hover.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\switchtab_press.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\switchtab.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\tab_select.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\focus_rect.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\topbar_shutdown_button.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\topbar_wallpaper_button.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\topbar_fence_button.png VolumeInformation

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 10_2_00B7C676 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

10_2_00B7C676

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe

Code function: 16_2_00405A65 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

16_2_00405A65

Lowering of HIPS / PFW / Operating System Security Settings

AV process strings found (often used to terminate AV products)

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avcenter.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: reanimator.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\avgtray.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\kasmain.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: spideragent.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: http://down.360safe.com/setup.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: 360TopBar.exe	Binary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avgui.exe
Source: 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: http://down.360safe.com/setup.exeIsBetaVersion360ver.dllSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D9CC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2154054897.0000000003581000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2273591960.0000000001244000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000015.00000003.2254540511.0000000001384000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Y\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 123.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bdagent.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\avgui.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DFA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: >`SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe	Binary or memory string: 360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wireshark.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: zlclient.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\wireshark.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kasmain.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: fsb.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Unhackme.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: spf.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avgtray.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Desktop.exe%d.%d.%d.%d\5SoftMgr\SoftManager.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bin\ClamWin.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ClamWin.exe

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	3 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	3 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	1 Data Encrypted for Impact	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	2 Command and Scripting Interpreter	2 DLL Search Order Hijacking	2 DLL Search Order Hijacking	2 Obfuscated Files or Information	LSASS Memory	5 File and Directory Discovery	Remote Desktop Protocol	1 Screen Capture	Exfiltration Over Bluetooth	2 Encrypted Channel	SIM Card Swap	Obtain Device Cloud Backups	1 System Shutdown/Reboot	Domains	Credentials
Domain Accounts	At	1 Registry Run Keys / Startup Folder	22 Process Injection	1 DLL Side-Loading	Security Account Manager	45 System Information Discovery	SMB/Windows Admin Shares	1 Clipboard Data	Automated Exfiltration	3 Non-Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	1 Bootkit	1 Registry Run Keys / Startup Folder	2 DLL Search Order Hijacking	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	Traffic Duplication	13 Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Masquerading	LSA Secrets	371 Security Software Discovery	SSH	Keylogging	Scheduled Transfer	Fallback Channels			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	14 Virtualization/Sandbox Evasion	Cached Domain Credentials	14 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	22 Process Injection	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Regsvr32	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Bootkit	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	4%	ReversingLabs
SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	1%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Program Files (x86)\360\360Desktop\360Common.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\360Common.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\360P2SP.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\360P2SP.dll (copy)	1%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\360Ver.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\360dtpreview.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\360dtpreview.exe (copy)	3%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\360net.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\360net.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\360verify.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\360verify.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\7z.dll	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\7z.dll	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360Apns.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360Apns.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360AppCenter.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360AppCenter.exe (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360DTFence.dll (copy)	2%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360DTFence.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360DTNotify.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360DTNotify.exe (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360DTSwitchBar.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360Desktop.exe (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360DesktopAssistant.dll (copy)	2%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360DesktopAssistant.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch.exe (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe (copy)	3%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe (copy)	1%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360DesktopUi.dll (copy)	2%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360DesktopUi.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\360\360Desktop\Bin\360FeedBack.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\Bin\360FeedBack.exe (copy)	1%	Virustotal	Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
res.qhupdate.com	0%	Virustotal	Browse
static.apc.360.cn.lxdns.com	0%	Virustotal	Browse
wallpaper.apc.360.cn.wscdns.com	0%	Virustotal	Browse
p1.qhimg.com	0%	Virustotal	Browse
p8.qhimg.com	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://powerpoint.office.comer	0%	URL Reputation	safe
http://www.indyproject.org/	0%	URL Reputation	safe
http://%s/api.php?	0%	Avira URL Cloud	safe
http://127.0.0.1/%sfilename=resourcesfilesmetalink:/	0%	Avira URL Cloud	safe
http://res.qhupdate.com/wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini%d.%dB:A:downloadpat	0%	Avira URL Cloud	safe
http://w.qhimg.com/images/v2/webapp/class/20110519/tupian.png	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/friendships/show.xml	0%	Avira URL Cloud	safe
http://p17.qhimg.com/t01786e375a7830d753.png	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/	0%	Avira URL Cloud	safe
http://w.qhimg.com/images/v2/webapp/class/20110519/tupian.png	0%	Virustotal		Browse
http://www.meilishuo.com/users/register	0%	Avira URL Cloud	safe
http://%s/intf.php?	0%	Avira URL Cloud	safe
http://127.0.0.1/%sfilename=resourcesfilesmetalink:/	0%	Virustotal		Browse
http://login.sina.com.cn/member/getpwd/getpwd0.php?entry=ssoS	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/	0%	Virustotal		Browse
http://p17.qhimg.com/t01786e375a7830d753.png	0%	Virustotal		Browse
http://api.t.sina.com.cn/friendships/create/%s.json?source=%s	0%	Avira URL Cloud	safe
http://www.meilishuo.com/users/register	0%	Virustotal		Browse
http://api.t.sina.com.cn/friendships/create.xml	0%	Avira URL Cloud	safe
http://desk.score.svc.1360.com/get?qid=%s&sign=%sLoginBallShowCountLoginGuideShowLLoginGuideShowHGui	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/friendships/create/%s.json?source=%s	0%	Virustotal		Browse
http://www.ifeng.com&fromweb=other&AutoPlay=false	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/account/verify_credentials.xml?source=U	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/friendships/create.xml	0%	Virustotal		Browse
http://w.qhimg.com/images/v2/webapp/class/20110519/shipin.png	0%	Avira URL Cloud	safe
http://zhifu.openapi.360.cnMode	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/friendships/show.xml	0%	Virustotal		Browse
http://api.t.sina.com.cn/statuses/update.xml	0%	Avira URL Cloud	safe
http://www.360.cn;color=rgb(60	0%	Avira URL Cloud	safe
http://w.qhimg.com/images/v2/webapp/class/20110519/shipin.png	0%	Virustotal		Browse
http://api.t.sina.com.cn/statuses/update.xml	0%	Virustotal		Browse
http://api.t.sina.com.cn/account/verify_credentials.xml?source=U	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d2aydouiit1aqm.cloudfront.net	18.160.172.19	true	false		high
res.qhupdate.com	1.192.137.108	true	false	0%, Virustotal, Browse	unknown
static.apc.360.cn.lxdns.com	138.113.29.74	true	false	0%, Virustotal, Browse	unknown
wallpaper.apc.360.cn.wscdns.com	138.113.29.74	true	false	0%, Virustotal, Browse	unknown
s.360.cn	171.13.14.66	true	false		high
stat.apc.360safe.com	unknown	unknown	false		high
p1.qhimg.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
static.apc.360.cn	unknown	unknown	false		high
p8.qhimg.com	unknown	unknown	false	1%, Virustotal, Browse	unknown
stat.apc.360.cn	unknown	unknown	false		high
relate.apc.360.cn	unknown	unknown	false		high
wallpaper.apc.360.cn	unknown	unknown	false		high
api.msn.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32713&r3=1280x1024	false	high
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=1&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=10047	false	high
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://powerpoint.office.comer	explorer.exe, 00000018.00000002.2266357108.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tp3.sinaimg.cn/1751401422/50/5611920854/1	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/bizhi/s.html?action=wpinst&from=1&appver=2.1.0.1026&pid=zhuomian&m=	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/msg.html?type=open&action=runmsg&from=full&detail=run&open_msgbox360ID	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/58/mb_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://static.apc.360.cn/cms/wallpaper_feedback.htmlloopwallpaper.xml&r1=1&action=bizhiEntrance&from	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false		high
http://static.apc.360.cn/cms/theme/index.htmlMusicIEFrame7	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.ioage.com/web/frame_naverror.html	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/60/horse2_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://w.qhimg.com/images/v2/webapp/class/20110519/tupian.png	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000018.00000000.2202592501.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://connect.360.cn/index.php?U	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wan.360.cn/bbs.htmlgame.360.cn&name=http://wan.360.cn/bbs/second.html?g=%shttp://wan.360.cnn	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pstat.p.360.cn/uplog.php0cpsign1md5b3deb21a3401d8e933ddcb45a6c07222	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D4ED000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2119564309.0000000003581000.00000004.00000020.00020000.00000000.sdmp	false		high
http://127.0.0.1/%sfilename=resourcesfilesmetalink:/	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://weibo.com	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.indyproject.org/	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://%s/api.php?	flashApp.exe	false	Avira URL Cloud: safe	low
http://api.t.sina.com.cn/friendships/show.xml	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/0c/ws_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://res.qhupdate.com/wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini%d.%dB:A:downloadpat	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1874170082.0000000003EF8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://p17.qhimg.com/t01786e375a7830d753.png	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://api.t.sina.com.cn/	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://stat.apc.360.cn/stat.html?type=new&action=fencecalendarstate&from=2&fangshi=1	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://bbs.360.cn/5473920.htmlCPictureGridPicker::ScrollTo:	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=new&action=fencecalendarstate&from=2&fangshi=2	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D18C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://dapp.wan.360.cn/360desk/mhxx?scrol=no&height=&r=1328833800D	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D683000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/8b/sleepy.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/33/camera_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d9/ye_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=1000&uid=1&pid=	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.weibo.com/2/friendships/show.json	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://static.apc.360.cn/cms/mini/investment.html	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=open&action=bengkuilesorry&deskbanben=%s&deakbanhao=%s&t=%dMoz	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/bizhi/s.html?action=bizhibox&from=2	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.ioage.com/hl/cn/rendermode.htm	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.360.cn/images/webapp/logo1223/menuyouxi.png	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://android.notify.windows.com/iOSd	explorer.exe, 00000018.00000002.2266357108.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000000.2208854440.000000000BC80000.00000004.00000001.00020000.00000000.sdmp	false		high
http://my.360.com	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://client.apc.360.cn/cms/360dtconf.inid	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/dt/s.htm?pid=%s&fun=%s&act=%d&res=%d&mid=%s&ver=%s&r1=%d&r2=%d	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.meilishuo.com/users/register	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D8A9000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://%s/intf.php?	flashApp.exe	false	Avira URL Cloud: safe	low
http://seapp.stat.360safe.com/ver.html?name=%s&p=%s&mid=%s&fa=%s&fb=%s&fc=%sU	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://login.sina.com.cn/member/getpwd/getpwd0.php?entry=ssoS	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://spreadsheets.google.com/http://spreadsheets.google.com/https://docs.google.com/http://docs.g	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://api.t.sina.com.cn/friendships/create/%s.json?source=%s	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D27E000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000013.00000002.2142167391.000000006C942000.00000002.00000001.01000000.00000016.sdmp, flashApp.exe, 00000013.00000003.2135145181.0000000002620000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.360.cn/ucenter/faq.html	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D5B1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://intf.zsall.mobilem.360.cn/zsintf/getDownloadUrl?soft_ids=%s&market_id=&appver=%s&uid=%s&pid=%	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/xiaoguanjia/xgj.html%s?action=shutdown&from=%d&appver=	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD89000.00000004.00000020.00020000.00000000.sdmp	false		high
http://bbs.ioage.com/cn/forum-33-1.html	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/1b/m_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/7e/hei_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://api.t.sina.com.cn/friendships/create.xml	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=08bcc5cf9e3fc589107741a5e999ecfa&ve	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2273079673.0000000003E94000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=new&action=SetAppwallpaper&from=1&fangshi=&appid=&r1=&r2=&r3=&	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	false		high
http://desk.score.svc.1360.com/get?qid=%s&sign=%sLoginBallShowCountLoginGuideShowLLoginGuideShowHGui	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.theworld.cn/client/syncfavsorder.db%s	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://static.apc.360.cn/cms/video/shipinhezi1.html%s	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/f3/k_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/bizhi/s.html?action=bizhiset&from=0&appver=2.1.0.1026&pid=zhuomian&m=	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false		high
http://swf.baoku.360.cn/zhuomian/player/v2/douban.zip	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007039000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.winimage.com/zLibDll-1.2.3rbr	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wallpaper.apc.360.cn	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002A04000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/c7/no_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://bizhi.360.cn/#360	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false		high
http://api.t.sina.com.cn/account/verify_credentials.xml?source=U	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.ifeng.com&fromweb=other&AutoPlay=false	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://w.qhimg.com/images/v2/webapp/class/20110519/shipin.png	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A23000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007908000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1891511089.0000000007A1F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000002.2191935787.0000000002717000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://relate.apc.360.cn/index.php?c=Relate&a=getRelateCate&mid=&count=16&show=1&version=catecidrela	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, 360TopbarASS.exe, 0000000A.00000002.2081373618.0000000000B88000.00000002.00000001.01000000.0000000A.sdmp, 360TopbarASS.exe, 0000000A.00000000.2072888648.0000000000B88000.00000002.00000001.01000000.0000000A.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=open&action=anzhuangyunxing&from=%d&appver=%s&packagever=%s&ui	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621846133.0000000000C5B000.00000002.00000001.01000000.00000003.sdmp	false		high
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA	explorer.exe, 00000018.00000000.2198948294.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2256560379.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000003.2275784860.000000000429F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001A.00000002.2348494840.000000000429F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://cdn.apc.360.cn/index.php?c=GameBox&a=detailV2&appid=%dyingyongdianjihttp://stat.apc.360safe.c	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	false		high
http://zhuomian.360.cn/ver2.0	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D0CD000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe	false		high
https://api.weibo.com/2/statuses/upload.json	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.360.cn	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B82E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D81A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DE4C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEC1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E29D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CA28000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2137479601.000000000326A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D786000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DB2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CAEA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2055027527.00000000077FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C1DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628181945.0000000004190000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000E11C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD43000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.1628668213.00000000046A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DD89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000D9CC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DEF1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://weibo.com/%d/fans	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=new&action=msgremind&from=%d&appid=%s&http://stat.apc.360.cn/s	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6a/cake.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsByCategory&cid=%s&start=%d&count=%dhttp:/	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false		high
http://zhifu.openapi.360.cnMode	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.baidu.com/baidu?word=%us&tn=ichuner_4_pg&ie=utf-8:	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://down.360safe.com/setup.exe	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/msg.html?type=open&action=zhucechenggong&360DesktopRegisterVerifyCodeDlg	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B401000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/bc/otm_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d3/clock_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://swf.baoku.360.cn/gamebox/sorryjump.htmI360AppCenterDataClientTypeTabVisible	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000B931000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/c2/tooth.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://api.t.sina.com.cn/statuses/update.xml	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/7d/sleep_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000C41E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://bizhi.360.cn/uploadwallpaper.html360	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.0000000002700000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pstat.p.360.cn/uplog.phpinfo0cpsign1md5b3deb21a3401d8e933ddcb45a6c07222	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000BBFF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeH	360wpappInstaller_zhuomian.exe, 00000011.00000002.2153042470.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000015.00000003.2270017193.0000000003C41000.00000004.00000020.00020000.00000000.sdmp	false		high
http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeN	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DC48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.1621866746.0000000000C77000.00000008.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000DDF4000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2139079044.0000000003581000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 00000010.00000003.2136893687.000000000052B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=08bcc5cf9e3fc589107741a5e999ecfa&ve	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2224032969.0000000003E7D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2160058813.0000000003265000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.360.cn;color=rgb(60	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2049058349.000000000CD6F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
101.198.2.147	unknown	China	55992	QIHOOBeijingQihuTechnologyCompanyLimitedCN	false
1.192.137.108	res.qhupdate.com	China	137687	CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePR	false
171.8.167.89	unknown	China	137687	CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePR	false
18.161.170.106	unknown	United States	3	MIT-GATEWAYSUS	false
171.13.14.66	s.360.cn	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
138.113.29.74	static.apc.360.cn.lxdns.com	United States	776	FR-INRIA-SOPHIAINRIASophia-AntipolisEU	false
18.160.172.19	d2aydouiit1aqm.cloudfront.net	United States	3	MIT-GATEWAYSUS	false

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1367834
Start date and time:	2023-12-29 00:18:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
Detection:	MAL
Classification:	mal51.evad.winEXE@36/924@30/7
EGA Information:	Successful, ratio: 71.4%
HCA Information:	Successful, ratio: 99% Number of executed functions: 162 Number of non-executed functions: 278
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, SIHClient.exe, conhost.exe, svchost.exe, StartMenuExperienceHost.exe
Excluded IPs from analysis (whitelisted): 204.79.197.203, 23.198.7.175, 23.198.7.177, 23.198.7.166, 23.198.7.171, 23.198.7.174, 23.198.7.167, 23.198.7.168, 23.198.7.179, 23.198.7.176
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, a-0003.a-msedge.net, ctldl.windowsupdate.com, crl.usertrust.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, r.bing.com, api-msn-com.a-0003.a-msedge.net
Execution Graph export aborted for target SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, PID 6116 because there are no executed function
Execution Graph export aborted for target regsvr32.exe, PID 1004 because there are no executed function
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
00:20:41	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 360Desktop "C:\Program Files (x86)\360\360Desktop\Bin\360Topbar.exe" /autorun
00:20:49	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 360Desktop "C:\Program Files (x86)\360\360Desktop\Bin\360Topbar.exe" /autorun
00:20:57	API Interceptor	3x Sleep call for process: 360TopBar.exe modified
00:20:57	API Interceptor	319x Sleep call for process: explorer.exe modified
00:20:58	API Interceptor	5x Sleep call for process: 360wpsrv.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
101.198.2.147	http://china.cn	Get hash	malicious	Unknown	Browse
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse
	7YyaK2cB1s.apk	Get hash	malicious	Unknown	Browse
1.192.137.108	S38G0o4jF9.exe	Get hash	malicious	Unknown	Browse	res.qhsetup.com/drv/inst.htm?type=0&in=1&o=6.2.9200&p=64&i=1547068426&g=0&m=b8a4400180ee20f44982cb4d73d6fcd7&ver=&dm=1
171.8.167.89	http://www.gourmethousemacau.com/	Get hash	malicious	Unknown	Browse	s.360.cn/so/zz.gif?url=http%3A%2F%2Fwww.gourmethousemacau.com%2FIndex.asp&sid=d182b3f28525f2db83acfaaf6e696dba&token=dp1s8a2.bx3efd2n8I5/2m5ofc2.duba
171.8.167.89	instbeta.exe	Get hash	malicious		Browse	s.360.cn/safe/instcomp.htm?soft=1000&status=10&m=4d3b36ce8a9789208f0edb9ce5b72107&from=safebeta_new&vv=10&ver=12.0.0.1061
171.13.14.66	Inst7__9510085.exe	Get hash	malicious	Unknown	Browse
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse
	7YyaK2cB1s.apk	Get hash	malicious	Unknown	Browse
	A1FsbRkm5m.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
res.qhupdate.com	S38G0o4jF9.exe	Get hash	malicious	Unknown	Browse	1.192.137.108
d2aydouiit1aqm.cloudfront.net	http://www.estevescaricaturas.com/	Get hash	malicious	Unknown	Browse	13.224.103.104
d2aydouiit1aqm.cloudfront.net	S38G0o4jF9.exe	Get hash	malicious	Unknown	Browse	13.224.89.158
s.360.cn	_____NCM______2_10042231.exe	Get hash	malicious	Unknown	Browse	180.163.251.230
	_____NCM______2_10042231.exe	Get hash	malicious	Unknown	Browse	180.163.251.230
	http://www.gourmethousemacau.com/	Get hash	malicious	Unknown	Browse	171.8.167.89
	http://china.cn	Get hash	malicious	Unknown	Browse	101.198.2.147
	Inst7__9510085.exe	Get hash	malicious	Unknown	Browse	180.163.251.231
	A1FsbRkm5m.exe	Get hash	malicious	Unknown	Browse	171.8.167.89
	http://www.360.cn/download/	Get hash	malicious	Unknown	Browse	171.8.167.89
	S38G0o4jF9.exe	Get hash	malicious	Unknown	Browse	171.8.167.89
	https://dl.pconline.com.cn/download/467865.html	Get hash	malicious	Unknown	Browse	171.8.167.89
	instbeta.exe	Get hash	malicious		Browse	171.8.167.89

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
QIHOOBeijingQihuTechnologyCompanyLimitedCN	https://www.az-partners.net/apps/driver-hub/download?ap=28	Get hash	malicious	Unknown	Browse	104.192.108.17
	https://dbrg.wxsckjz.cn/sem/childbd/f17.html?TFT=8&sfrom=206&DTS=1&keyID=0851&bd_vid=11240621751133777397	Get hash	malicious	Unknown	Browse	104.192.110.245
	eOIFF58KfU.elf	Get hash	malicious	Unknown	Browse	101.197.85.238
	scorp.arm.elf	Get hash	malicious	Mirai	Browse	101.199.91.135
	SecuriteInfo.com.Win32.Trojan.Kryptik.HK@susp.11565.26013.exe	Get hash	malicious	Unknown	Browse	104.192.110.226
	7DmcSNdUVT.exe	Get hash	malicious	AsyncRAT, Fabookie, Glupteba, RedLine, SmokeLoader, onlyLogger	Browse	104.192.108.21
	file.exe	Get hash	malicious	AsyncRAT, Babuk, Clipboard Hijacker, Djvu, Fabookie, Glupteba, SmokeLoader	Browse	104.192.108.20
	file.exe	Get hash	malicious	AsyncRAT, Fabookie	Browse	104.192.108.20
	file.exe	Get hash	malicious	Babuk, Djvu, Fabookie, Glupteba, SmokeLoader	Browse	104.192.108.20
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, CryptOne, Djvu, Fabookie, Glupteba, RedLine	Browse	104.192.108.21
	p7b3Lz57YC.exe	Get hash	malicious	Babuk, Clipboard Hijacker, CryptOne, Djvu, Fabookie, Glupteba, RedLine	Browse	104.192.108.17
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Fabookie, Glupteba, SmokeLoader, onlyLogger	Browse	104.192.108.17
	https://www.so.com/link?m=bHHIH9gHiWMt7CT52Mk%2FHVbpA4Q7HLpfa%2Fe58lRjM9C9UVI%2BR7UmsSaIs1wIDRUJSJpxHEWC1%2BYp0sKM%2Fqs2t2rWnaBABhH9Okw2hj0SG5Er8qYCL76sO1Txz1%2BBPXh5CUJd9No6kEqqeY436	Get hash	malicious	Unknown	Browse	104.192.110.226
	9gbFT1d2ha.elf	Get hash	malicious	Mirai	Browse	101.199.91.165
	mi2xF8aaxo.elf	Get hash	malicious	Mirai	Browse	101.198.225.136
	_____NCM______2_10042231.exe	Get hash	malicious	Unknown	Browse	104.192.108.19
	_____NCM______2_10042231.exe	Get hash	malicious	Unknown	Browse	104.192.108.20
	driver-hub-install__28.exe	Get hash	malicious	Unknown	Browse	104.192.108.20
	driver-hub-install__28.exe	Get hash	malicious	Unknown	Browse	104.192.108.20
	WwFUN1uab0.elf	Get hash	malicious	Mirai	Browse	101.199.91.125
CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePR	https://dbrg.wxsckjz.cn/sem/childbd/f17.html?TFT=8&sfrom=206&DTS=1&keyID=0851&bd_vid=11240621751133777397	Get hash	malicious	Unknown	Browse	1.194.250.6
	http://www.baidu.com	Get hash	malicious	Unknown	Browse	36.99.50.48
	kpYawcK42x.elf	Get hash	malicious	Mirai	Browse	1.192.193.56
	07diuwMEw4.elf	Get hash	malicious	Mirai, Moobot	Browse	1.192.193.72
	3nvoeHhdPc.elf	Get hash	malicious	Unknown	Browse	1.192.193.74
	arm7.elf	Get hash	malicious	Mirai	Browse	1.192.193.43
	o8YVsZ3s65.elf	Get hash	malicious	Mirai, Moobot	Browse	36.99.213.123
	http://www.gourmethousemacau.com/	Get hash	malicious	Unknown	Browse	171.8.167.89
	omMuSCiQba.elf	Get hash	malicious	Mirai	Browse	1.192.193.56
	MFHHpyEYrt.elf	Get hash	malicious	Mirai	Browse	1.192.193.73
	6bpg019kR3.exe	Get hash	malicious	Unknown	Browse	36.99.50.35
	360#U6d4b#U901f.exe	Get hash	malicious	Unknown	Browse	1.192.136.170
	f_005f4d.exe	Get hash	malicious	Unknown	Browse	36.99.225.35
	SecuriteInfo.com.Linux.Siggen.9999.1427.20017.elf	Get hash	malicious	Mirai	Browse	1.192.193.52
	DRL8J3CIbk.elf	Get hash	malicious	Mirai	Browse	36.99.143.184
	bJhVWLP5lU.elf	Get hash	malicious	Unknown	Browse	1.192.193.62
	skid.mpsl-20220815-1818	Get hash	malicious	Moobot	Browse	36.99.195.71
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse	171.8.167.68
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse	171.8.167.89
	arm-20220709-0050	Get hash	malicious	Mirai, Moobot	Browse	1.192.193.73
CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePR	https://dbrg.wxsckjz.cn/sem/childbd/f17.html?TFT=8&sfrom=206&DTS=1&keyID=0851&bd_vid=11240621751133777397	Get hash	malicious	Unknown	Browse	1.194.250.6
	http://www.baidu.com	Get hash	malicious	Unknown	Browse	36.99.50.48
	kpYawcK42x.elf	Get hash	malicious	Mirai	Browse	1.192.193.56
	07diuwMEw4.elf	Get hash	malicious	Mirai, Moobot	Browse	1.192.193.72
	3nvoeHhdPc.elf	Get hash	malicious	Unknown	Browse	1.192.193.74
	arm7.elf	Get hash	malicious	Mirai	Browse	1.192.193.43
	o8YVsZ3s65.elf	Get hash	malicious	Mirai, Moobot	Browse	36.99.213.123
	http://www.gourmethousemacau.com/	Get hash	malicious	Unknown	Browse	171.8.167.89
	omMuSCiQba.elf	Get hash	malicious	Mirai	Browse	1.192.193.56
	MFHHpyEYrt.elf	Get hash	malicious	Mirai	Browse	1.192.193.73
	6bpg019kR3.exe	Get hash	malicious	Unknown	Browse	36.99.50.35
	360#U6d4b#U901f.exe	Get hash	malicious	Unknown	Browse	1.192.136.170
	f_005f4d.exe	Get hash	malicious	Unknown	Browse	36.99.225.35
	SecuriteInfo.com.Linux.Siggen.9999.1427.20017.elf	Get hash	malicious	Mirai	Browse	1.192.193.52
	DRL8J3CIbk.elf	Get hash	malicious	Mirai	Browse	36.99.143.184
	bJhVWLP5lU.elf	Get hash	malicious	Unknown	Browse	1.192.193.62
	skid.mpsl-20220815-1818	Get hash	malicious	Moobot	Browse	36.99.195.71
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse	171.8.167.68
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse	171.8.167.89
	arm-20220709-0050	Get hash	malicious	Mirai, Moobot	Browse	1.192.193.73

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Program Files (x86)\360\360Desktop\360P2SP.dll (copy)	360#U6d4b#U901f.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	271968
Entropy (8bit):	2.7198331920728727
Encrypted:	false
SSDEEP:	1536:xVepfNLvvRB47p+UMXDcOKXYumQN+o5kJAIcPXXvHsnRAvwwCaq:xVahBoMzcOnZ3e0AIcf0nRA9q
MD5:	20E69F7B55EA4F7A48736A19389BD2F9
SHA1:	B104DD43F009AF3AB490C79CA3FCD5BDB7585965
SHA-256:	6C608C5C17969CBFBD43051E860BBA4B9AEDDEDFE57A7310DA37024BA688CBBD
SHA-512:	36627BD215C2AFFD4DEC5E3FFAD5CFB7B44AE7FB2FBA4C582867AB248F88FFD50D1537CA86810CA107CF2A672E8016BF34B71C35EBD396C6A2C48AE66FFDABE1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N...............q.......T.......<.......e.......e..............<.......e...................................<.......................Rich............PE..L...9..N...........!.........0......'........................................0..........................................=...H...........................`...............................................................t............................text...b........................... ..`.rdata........... ..................@..@.data....;... ... ... ..............@...history......`.......@..............@....rsrc...............................@..@.reloc........... ..................@..B........................................................................................................................................................................................................................................

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.398021602915379
Encrypted:	false
SSDEEP:	384:Y/UFxCmfvfbaujA2Eon5ERJ0UsFJzuiFlY4lO8k:Yix7vfbaujMo5+JlsrzuiFlY4lO8
MD5:	07E14445383AD70AE7F4FEAF7D1A6675
SHA1:	D3CD45DFEC7675CC56EC14C16BC788D7D59B6F07
SHA-256:	7CCC528B31759537D28540C1DD4A31B6135047C84AE013A11DEC6EC4C5A82A22
SHA-512:	80A88B2E868728AB25846C65188DDC2980AFBC73191A37EC9578F360EF07890CD9EAEFA4094F0F70C9F3A9EB88B2E660D87B8563D0C3EBED8A5BFC98BE26F831
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.8.2.7.9.2.5.5.2.4.9.8.2.6.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.F.l.a.g.s.=.5.2.4.2.8.8.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.1.6.8.f.7.1.8.-.0.5.9.d.-.4.5.1.5.-.b.6.6.f.-.5.6.4.4.1.6.6.9.0.8.0.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.6.d.e.2.2.9.e.-.1.a.8.6.-.4.f.c.6.-.a.f.b.e.-.2.7.e.e.f.c.f.a.7.3.3.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.E.x.p.l.o.r.e.r...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.X.P.L.O.R.E.R...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.f.f.4.-.0.0.0.1.-.0.0.1.4.-.d.c.2.e.-.8.7.0.3.d.5.3.9.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.9.0.b.0.8.0.e.0.6.5.5.7.2.0.c.a.d.8.c.1.c.a.e.4.b.8.1.9.3.c.9.3.8.2.c.9.a.c.9.2.!.e.x.p.l.o.r.e.r...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.0.2././.1.2././.2.1.:.2.0.:.5.

Process:	C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	724600
Entropy (8bit):	6.515371619339392
Encrypted:	false
SSDEEP:	12288:xnFslNsHuR4pg6uEBj/jRK5nYg2DNfMC+zFXTX94/wo9Tm5KO1f:5FslNsO6yft2JfMjzFXTt4V9To1f
MD5:	640F33B0059ED6EB89AA5133263846D3
SHA1:	F1BC1491BBF6DAEC1FB2B1AA3437BBA4C3D3D0BA
SHA-256:	677C9F6A9DF66F0F086931AD46B28B4C94BFF7A28960B8E9970B84801D633AD8
SHA-512:	14E3A419C0A75B3780903889A0D4921AB7487ECF53272C10042DB4D211D15C226A10CF8C25AA23E143EBFE77C15A7A9D6FAE3BD2F4EAA5A701295A8AA6405313
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........^i..^i..^i..y..._i..v..Vi..@;..[i...&..[i..W...~i..y...Ci..^i..i..W....i..W...*i..W..._i..@;.._i..W..._i..Rich^i..........PE..L......P...........!.....v..........<Y..............................................-.....@.........................pX.......D..,....0..................x....@...S..`................................................................................text...,t.......v.................. ..`.rdata..B............z..............@..@.data...@....`...:...F..............@....rsrc........0......................@..@.reloc...q...@...r..................@..B........................................................................................................................................................................................................................................................................................................

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	111744
Entropy (8bit):	4.018161304500342
Encrypted:	false
SSDEEP:	768:blUHkoG653Wljk0Vs0OQ684wNmLyIujyHH0PO2kVR1vND3xFJmyyp13ceGhtibGa:mko5l0OQ6J1htibGCn+GFTKneAvFa
MD5:	2DB30F0696AE8A1CA7B22AF378B8513F
SHA1:	719E675EEF50FDBD245C0519DBECDCE213BFC1F5
SHA-256:	2F7571D4045F96FC6D7DC5973B9ED65D2F112319C9534F13B0B7DFBB7284AC5E
SHA-512:	8749715E7242733CB3B5563187CD7A4D892BA231A736FB04D06979E5492EEBD0074F59E15C83E4918C67E51164B76BA4ED70C37596E5FC946120C176C7FDAFB8
Malicious:	false
Preview:	....h... ...............P...............[...x...a..........h...........Y.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................h.u.b.e.r.t.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u......................(..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>...........................................

Process:	C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x1024, components 3
Category:	dropped
Size (bytes):	298959
Entropy (8bit):	7.990404767615786
Encrypted:	true
SSDEEP:	6144:xOZMD6KTkMgcRvQN8KKUiTS+3MiTDu5wTEx385uglA6Vk+n3xRv:MMDRHRvQNDKbTX3MiTDuWTLo6A6VhBRv
MD5:	8E5A267C732B09630F7BF0224D5C02C2
SHA1:	0392BECBBD7E79C99BF61986D533DAB35BC40757
SHA-256:	814784BF0A80F0F64A62161AB528E2822BB9263BBE03A001027C5EE3A8D3AAF3
SHA-512:	52D4821E23C82B7EC2C5F5F945848456AA0D51D3EFF02E35C79282C819CA32D63D0607823BA0D7841438CA642B7828E3AF7F6809B6C19E21B756DC2CCAE7A091
Malicious:	false
Preview:	......JFIF.....H.H.....C..............................................!........."$".$.......C............................................................................"................................................................................G.O'Y9f...-.:.e..r..&..N.jq9...Et.g..ii[...q.3Ye..KX.........Q..6.T.1..h.0;.7........I...9..2.........R...Fce.z....rJ....&Y.&...>.c.:....)B....=s)D...TU.ms..81@.......".....:DE.s.gy7.Z..(5....m5..e.n.T...1..lX..."......ws#...t..pM{..Yd..:u...'.:x'...$8......HKS./."\9..[1....0.'J..[.j..N......b..iUCM8...z.5..=...E.-.P..b.\..x..c..4^....^..,...h.6..i...4[.T.k#..ak..; ....$8..+\9.S-Me..{R)..9.@....uN...rt..A.q.{.d...eO=<.......s.....W.^.i....jM..Z..8Tu`:e..)....nE.'S=8.v...Z.&j.Lp.....=^..uOG@OG..X'.G^...Jq.....t.#..'.q.T..$..\...R........4..........,.P...cL.c......M0:.v..:.e.6s.L.45..~..tA....Q.d.ms.H..AdH....f.j.......u%.e..Y;u....!...x@b-#.*G..t]L:(+.....{R.k3JT...<+r.u(-2.d}..j^..^.M..3o...c...$

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.992113234589977
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
File size:	22'004'296 bytes
MD5:	aae3eedbdc1b1a99f7c2844f85352692
SHA1:	8025c689f73816e6c275e38002649d91244d6db2
SHA256:	2c1d65f58f07ad391492f0c0b1c335321f7b0d6e9f41218e04404e7b58692ddb
SHA512:	85572587d270bd81180ef6f71bd7ea67ef68e043d2938cf44821efa8f448141f821219fc5f9eef5896c92098e0cb1c49c2a094cf52dae5dc9bfdca0b69f67766
SSDEEP:	393216:MM29LTLRF5Aqahe8A6+M5JnOHz15dDaYqZJRPcVxkbnpIwpmXhd99lEuts:Mn9LBF5AiDzM5OzndDfwJRPUepfmxbot
TLSH:	E9273322BBCAC0BAEBD2233545A99B1F6975F6324B505DCBB3E50B5C4E216C06D36313
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7I.OV'.OV'.OV'.....KV'.F...SV'.Q...JV'.F....V'.F...\V'.h.J.KV'.h.\.hV'.OV&..W'.F....V'.Q...NV'.F...NV'.RichOV'................

Entrypoint:	0x469a9a
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x51947733 [Thu May 16 06:05:39 2013 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	404cf80e26b57b92c5197972a37704a5

Signature Valid:	true
Signature Issuer:	CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	11/03/2013 01:00:00 11/03/2016 00:59:59
Subject Chain	CN=Qihoo 360 Software (Beijing) Company Limited, OU=Tech. Dev. Dept., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Qihoo 360 Software (Beijing) Company Limited, L=Beijing, S=Beijing, C=CN
Version:	3
Thumbprint MD5:	3CA61B8826F65521BFB360E9053FC4F7
Thumbprint SHA-1:	1E5BB77FCB63F26277F95AAE09B852699327A08A
Thumbprint SHA-256:	BF14AC18F94AB836E88591B971FA00AC7A690A22E1354016059FBC12351558C8
Serial:	51BD5D8E45B82A0210F17FE4C5233468

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa3e90	0x190	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xae000	0xec0a0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x14fa798	0x1ab0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x19b000	0x7444	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x8b6f0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x98270	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8b000	0x618	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8912c	0x89200	False	0.5042445305378305	data	6.57735167781926	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8b000	0x1b082	0x1b200	False	0.3235527073732719	data	4.5992220814652605	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa7000	0x69b8	0x3e00	False	0.248046875	data	4.123195216012852	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xae000	0xec0a0	0xec200	False	0.9657505211090525	data	7.960227616232132	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x19b000	0xa2b6	0xa400	False	0.5201505335365854	data	5.496479285816793	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
DLL	0xaebb0	0x5ff01	7-zip archive data, version 0.4	Chinese	China	1.0002468438343755
DLL	0x10eab4	0x341b3	Microsoft Cabinet archive data, Windows 2000/XP setup, 213427 bytes, 1 file, at 0x2c +A "7z.dll", number 1, 12 datablocks, 0x1 compression	Chinese	China	1.0003373518814396
LICENCE	0x142c68	0x1ad8	Unicode text, UTF-16, little-endian text, with CRLF line terminators	Chinese	China	0.539871944121071
OEMDATA	0x144740	0x56	7-zip archive data, version 0.3	Chinese	China	0.9069767441860465
SETUPCONFIG	0x144798	0x2f0a	7-zip archive data, version 0.4	Chinese	China	1.000913469523335
SETUPDATA	0x1476a4	0x18	data	Chinese	China	1.3333333333333333
SETUPPLUGIN	0x1476bc	0x10	data	Chinese	China	0.6875
SKIN	0x1476cc	0x254df	7-zip archive data, version 0.4	Chinese	China	1.0003664945451214
RT_ICON	0x16cbac	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Chinese	China	0.582089552238806
RT_ICON	0x16da54	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Chinese	China	0.730595667870036
RT_ICON	0x16e2fc	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Chinese	China	0.5541907514450867
RT_ICON	0x16e864	0xfda7	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9992145992145992
RT_ICON	0x17e60c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Chinese	China	0.5579875518672199
RT_ICON	0x180bb4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Chinese	China	0.5956848030018762
RT_ICON	0x181c5c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Chinese	China	0.7384751773049646
RT_ICON	0x1820c4	0x10a77	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9740966063182585
RT_ICON	0x192b3c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Chinese	China	0.4276970954356846
RT_ICON	0x1950e4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Chinese	China	0.4896810506566604
RT_ICON	0x19618c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Chinese	China	0.40691489361702127
RT_DIALOG	0x1965f4	0x2c	data	Chinese	China	0.8409090909090909
RT_DIALOG	0x196620	0x350	data	Chinese	China	0.5176886792452831
RT_DIALOG	0x196970	0xdc	data	Chinese	China	0.7227272727272728
RT_DIALOG	0x196a4c	0x1da	data	Chinese	China	0.5780590717299579
RT_DIALOG	0x196c28	0x1ac	data	Chinese	China	0.5677570093457944
RT_DIALOG	0x196dd4	0xde	data	Chinese	China	0.7117117117117117
RT_DIALOG	0x196eb4	0x1ce	data	Chinese	China	0.5735930735930735
RT_DIALOG	0x197084	0x412	data	Chinese	China	0.5239923224568138
RT_DIALOG	0x197498	0x6c	data	Chinese	China	0.75
RT_DIALOG	0x197504	0x152	data	Chinese	China	0.4940828402366864
RT_STRING	0x197658	0x2d8	data	Chinese	China	0.49175824175824173
RT_STRING	0x197930	0x49a	data	Chinese	China	0.6239388794567062
RT_STRING	0x197dcc	0x5a4	data	Chinese	China	0.5706371191135734
RT_STRING	0x198370	0x1aa	data	Chinese	China	0.755868544600939
RT_STRING	0x19851c	0x1d4	data	Chinese	China	0.7243589743589743
RT_STRING	0x1986f0	0x49c	data	Chinese	China	0.4872881355932203
RT_STRING	0x198b8c	0x294	data	Chinese	China	0.7090909090909091
RT_STRING	0x198e20	0x19a	data	Chinese	China	0.8512195121951219
RT_STRING	0x198fbc	0x17e	data	Chinese	China	0.6387434554973822
RT_STRING	0x19913c	0x86	data	Chinese	China	0.7985074626865671
RT_STRING	0x1991c4	0xf4	data	Chinese	China	0.6844262295081968
RT_STRING	0x1992b8	0x68	AmigaOS bitmap font "egSb \220\250`\352\201\361]\204v3", 60255 elements	Chinese	China	0.8076923076923077
RT_STRING	0x199320	0x24	data	Chinese	China	0.4444444444444444
RT_STRING	0x199344	0x56	data	Chinese	China	0.6627906976744186
RT_STRING	0x19939c	0x2c	data	Chinese	China	0.5454545454545454
RT_STRING	0x1993c8	0x128	data	Chinese	China	0.597972972972973
RT_STRING	0x1994f0	0x22	data	Chinese	China	0.38235294117647056
RT_ACCELERATOR	0x199514	0x70	data	Chinese	China	0.6785714285714286
RT_RCDATA	0x199584	0x80	OpenPGP Public Key	English	United States	1.0859375
RT_GROUP_ICON	0x199604	0x68	data	Chinese	China	0.6923076923076923
RT_GROUP_ICON	0x19966c	0x3e	Targa image data - Map 32 x 2679 x 1 +1	Chinese	China	0.8548387096774194
RT_VERSION	0x1996ac	0x5ac	data	Chinese	China	0.3409090909090909
RT_MANIFEST	0x199c58	0x448	ASCII text, with very long lines (612), with CRLF line terminators	English	United States	0.47354014598540145

DLL	Import
KERNEL32.dll	FindFirstFileW, FormatMessageW, CopyFileW, GetVolumeInformationW, OpenProcess, CompareFileTime, SetThreadPriority, GetCurrentThread, SetPriorityClass, GetEnvironmentVariableW, GetSystemInfo, InitializeCriticalSection, DeleteCriticalSection, GetLongPathNameW, lstrcmpiW, CreateMutexW, MultiByteToWideChar, SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, GetCommandLineW, QueryDosDeviceW, GetLogicalDriveStringsW, GetSystemDirectoryW, CreateProcessW, FindAtomW, GlobalAddAtomW, GetTickCount, QueryPerformanceCounter, QueryPerformanceFrequency, CreateFileA, GetTempPathA, GlobalUnlock, GlobalLock, GlobalAlloc, GetPrivateProfileStringW, CreateThread, TerminateProcess, FindResourceExW, GetDiskFreeSpaceExW, LockResource, GetFileTime, ReadProcessMemory, GetFileSizeEx, GetFullPathNameW, GetPrivateProfileIntW, FindClose, FindNextFileW, lstrcpyW, CreateToolhelp32Snapshot, LocalAlloc, LocalFree, GetTempFileNameW, GetFileAttributesW, LoadLibraryW, GetCurrentProcessId, CreateFileW, DeviceIoControl, GlobalFindAtomW, GetVersionExW, CreateDirectoryW, lstrcmpiA, Process32FirstW, WriteConsoleW, GetConsoleOutputCP, WritePrivateProfileStringW, GetDriveTypeA, GetCurrentDirectoryA, FlushFileBuffers, SetStdHandle, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetStringTypeW, GetStringTypeA, GetLocaleInfoA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetConsoleMode, GetConsoleCP, GetModuleHandleA, GetStartupInfoA, SetHandleCount, IsValidCodePage, GetOEMCP, GetModuleFileNameA, HeapCreate, GetCPInfo, LCMapStringW, LCMapStringA, GetStartupInfoW, ExitProcess, ExitThread, RtlUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, SystemTimeToFileTime, LocalFileTimeToFileTime, InitializeCriticalSectionAndSpinCount, GetACP, SetEnvironmentVariableW, TlsFree, TlsAlloc, Process32NextW, WriteFile, GetDriveTypeW, SetLastError, GetCurrentThreadId, GetCurrentProcess, FlushInstructionCache, LeaveCriticalSection, lstrcatW, Sleep, GetLocalTime, GetModuleFileNameW, GetShortPathNameW, MoveFileW, MoveFileExW, DeleteFileW, GetProcAddress, FreeLibrary, SetFileAttributesW, RemoveDirectoryW, GetTempPathW, lstrlenA, OutputDebugStringW, DebugBreak, InterlockedIncrement, lstrlenW, InterlockedDecrement, WaitForSingleObject, CloseHandle, EnterCriticalSection, MulDiv, RaiseException, GetModuleHandleW, CreateEventW, SetEvent, GetLocaleInfoW, GetLastError, ResetEvent, LockFile, GetFileSize, OpenThread, TlsSetValue, TlsGetValue, ReleaseMutex, SetFilePointerEx, GetFileType, lstrcmpA, GetSystemTime, ReadFile, UnlockFile, CreateFileMappingW, GetSystemTimeAsFileTime, HeapSize, HeapReAlloc, HeapDestroy, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, LoadLibraryA, HeapAlloc, GetProcessHeap, HeapFree, InterlockedCompareExchange, GetStdHandle, SetEndOfFile, SetFileTime, GetFileAttributesExW, UnmapViewOfFile, SetFilePointer, WriteConsoleA, WideCharToMultiByte, MapViewOfFile, GetExitCodeProcess
USER32.dll	IsWindow, SendMessageW, CharNextW, CharUpperW, LoadStringW, PostMessageW, FindWindowW, SendMessageTimeoutW, wvsprintfW, EnableWindow, GetDlgItem, IsWindowEnabled, ShowWindow, SetDlgItemTextW, IsWindowVisible, EndDialog, GetWindowLongW, SetWindowTextW, EnumWindows, GetClassNameW, GetWindowThreadProcessId, EmptyClipboard, SetClipboardData, CloseClipboard, SetCursor, PtInRect, OpenClipboard, MessageBoxW, wsprintfW, WaitForInputIdle, DialogBoxParamW, OffsetRect, PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, BringWindowToTop, RegisterClassExW, LoadCursorW, GetClassInfoExW, GetSystemMetrics, LoadImageW, IsIconic, PostQuitMessage, InflateRect, IsDialogMessageW, GetSystemMenu, EnableMenuItem, GetActiveWindow, CharLowerW, EndPaint, BeginPaint, CallWindowProcW, DefWindowProcW, CopyRect, KillTimer, SetTimer, CreateDialogParamW, GetWindowTextLengthW, MessageBeep, SetFocus, RedrawWindow, InvalidateRect, DestroyWindow, CreateWindowExW, FindWindowExW, GetWindowTextW, ReleaseDC, GetDC, SetWindowLongW, GetParent, GetWindow, GetWindowRect, ExitWindowsEx, UnregisterClassA, MonitorFromWindow, GetMonitorInfoW, MapWindowPoints, SetWindowPos, ScreenToClient, GetClientRect, MoveWindow
GDI32.dll	CreateCompatibleDC, DeleteDC, CreateCompatibleBitmap, DeleteObject, BitBlt, SetViewportOrgEx, SelectObject
ADVAPI32.dll	LookupAccountSidW, RegQueryInfoKeyW, RegDeleteValueW, RegDeleteKeyW, RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, GetUserNameW, GetNamedSecurityInfoW, BuildExplicitAccessWithNameW, SetEntriesInAclW, SetNamedSecurityInfoW, GetExplicitEntriesFromAclW, EqualSid, GetTrusteeNameW, DeleteAce, RegOpenKeyExA, LookupAccountNameW, RegOpenKeyW, RegEnumKeyExW, RegCloseKey, RegEnumKeyExA, RegQueryValueExW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegQueryValueExA
SHELL32.dll	ShellExecuteW, ShellExecuteExW, SHCreateDirectoryExW, SHChangeNotify, SHGetSpecialFolderPathW, SHGetSpecialFolderLocation, SHGetMalloc, SHGetFolderPathW, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW
ole32.dll	OleRun, CoInitialize, CoUninitialize, CoCreateGuid, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoTaskMemRealloc
OLEAUT32.dll	VariantClear, SysAllocStringByteLen, SysStringByteLen, VarUI4FromStr, VariantInit, SysStringLen, SysFreeString, SysAllocString
SHLWAPI.dll	SHGetValueA, PathFileExistsW, SHGetValueW, PathCombineW, PathFindFileNameW, SHDeleteValueW, SHDeleteKeyW, PathIsRelativeW, PathAppendW, PathAddBackslashW, PathRemoveFileSpecW, PathIsPrefixW, wnsprintfW, PathRemoveBackslashW, PathAppendA, SHSetValueA, PathFindExtensionW, StrCmpIW, PathIsDirectoryW, PathIsURLW, PathIsNetworkPathW, StrRetToStrW, PathMatchSpecW, PathRemoveExtensionW, SHSetValueW
COMCTL32.dll	InitCommonControlsEx
MSIMG32.dll	AlphaBlend
VERSION.dll	GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
PSAPI.DLL	GetProcessImageFileNameW, EnumProcesses, GetModuleFileNameExW
urlmon.dll	URLDownloadToFileW, URLDownloadToCacheFileW
IPHLPAPI.DLL	GetAdaptersInfo
WININET.dll	InternetGetConnectedState
NETAPI32.dll	Netbios
SETUPAPI.dll	SetupIterateCabinetW
CRYPT32.dll	CryptMsgClose, CertCloseStore, CryptMsgUpdate, CryptMsgOpenToDecode, CertOpenStore, CertGetNameStringW, CertGetCertificateContextProperty
WINTRUST.dll	WTHelperGetProvSignerFromChain, WTHelperProvDataFromStateData

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 29, 2023 00:19:57.537019968 CET	58213	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:19:57.896249056 CET	53	58213	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:04.602859974 CET	58487	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:04.933532000 CET	53	58487	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:12.661696911 CET	49388	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:12.965959072 CET	53	49388	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:19.555391073 CET	58302	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:20.106847048 CET	53	58302	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:25.925373077 CET	60620	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:26.097635031 CET	53	60620	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:32.743307114 CET	60052	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:32.939935923 CET	53	60052	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:38.965389967 CET	60226	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:39.449395895 CET	53	60226	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:40.972238064 CET	63756	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:41.275552034 CET	53	63756	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:44.296148062 CET	56285	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:44.418893099 CET	53	56285	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:46.780684948 CET	53345	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:46.941236019 CET	53	53345	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:50.656985998 CET	61950	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:50.995877028 CET	53	61950	1.1.1.1	192.168.2.8
Dec 29, 2023 00:20:59.104631901 CET	62883	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:20:59.264755964 CET	53	62883	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:00.128458023 CET	55505	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:00.435400009 CET	53	55505	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:01.347132921 CET	62663	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:02.353069067 CET	62663	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:02.358078003 CET	53	62663	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:02.409930944 CET	50974	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:02.474678993 CET	53	62663	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:02.938143969 CET	53	50974	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:06.013504982 CET	60642	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:06.178896904 CET	53	60642	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:07.313731909 CET	64810	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:07.667758942 CET	53	64810	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:09.898104906 CET	52387	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:10.228272915 CET	53	52387	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:12.739259958 CET	57541	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:14.630287886 CET	55952	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:15.110070944 CET	53	55952	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:24.038351059 CET	51920	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:24.348001003 CET	53	51920	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:31.054044962 CET	52487	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:31.214174032 CET	53	52487	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:33.024691105 CET	61802	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:33.185267925 CET	53	61802	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:35.440159082 CET	56877	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:35.799705029 CET	53	56877	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:36.790195942 CET	59214	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:36.989273071 CET	53	59214	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:46.362169027 CET	53147	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:46.650255919 CET	53	53147	1.1.1.1	192.168.2.8
Dec 29, 2023 00:21:53.359186888 CET	56857	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:21:53.690109015 CET	53	56857	1.1.1.1	192.168.2.8
Dec 29, 2023 00:22:01.865330935 CET	61411	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:22:01.987535000 CET	53	61411	1.1.1.1	192.168.2.8
Dec 29, 2023 00:22:04.094885111 CET	61316	53	192.168.2.8	1.1.1.1
Dec 29, 2023 00:22:04.218981028 CET	53	61316	1.1.1.1	192.168.2.8

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:19:58.224361897 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=1&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=10047 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:19:58.542596102 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:19:58 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Wed, 24 Apr 2019 08:04:53 GMT Connection: keep-alive ETag: "5cc018a5-0" Accept-Ranges: bytes
Dec 29, 2023 00:20:04.599854946 CET	375	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=2179 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:04.918622971 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:04 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Wed, 24 Apr 2019 08:04:53 GMT Connection: keep-alive ETag: "5cc018a5-0" Accept-Ranges: bytes
Dec 29, 2023 00:20:12.660742998 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=28509 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:12.980195045 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:12 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Wed, 24 Apr 2019 08:04:53 GMT Connection: keep-alive ETag: "5cc018a5-0" Accept-Ranges: bytes
Dec 29, 2023 00:20:19.553544044 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:20.133143902 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:20.726906061 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:21.914402008 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:24.273761034 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:26.633532047 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:29.133315086 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:33.836289883 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:43.242794037 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18192 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:20:45.046379089 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:20:45.348995924 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:45 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:33 GMT Connection: close ETag: "6295d265-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:20:47.357517958 CET	375	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=6291 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:47.668170929 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:47 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:20:47.706908941 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=28540 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:48.017307043 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:47 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:20:48.018445969 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16080 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:48.328993082 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:48 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:20:48.330001116 CET	390	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=24600&r3=1280x1024 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:48.640286922 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:48 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:20:48.647659063 CET	380	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=43609&r2=8823 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:48.957901955 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:48 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:20:48.959037066 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=9946 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:49.269392014 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:49 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:20:59.104095936 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16313 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:59.539422989 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16313 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:20:47.867671013 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=1&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:20:48.189614058 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:48 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:21 GMT Connection: close ETag: "6295d259-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:20:59.645899057 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=16313 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:20:59.962344885 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:20:59 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:07.314291954 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=10437 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:07.629359007 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:07 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:14.629472017 CET	375	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=1547 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:14.946264029 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:14 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:24.036797047 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32263 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:24.351685047 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:24 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:31.056819916 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=22406 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:31.371623993 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:31 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:34.206644058 CET	952	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32664&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:34.522488117 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:34 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:34.523093939 CET	864	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32664&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:34.849622965 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:34 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:21:05.116108894 CET	346	OUT	GET /wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa&w=6.2&t=6658734&active=1 HTTP/1.1 Accept: / Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Host: res.qhupdate.com Connection: Keep-Alive
Dec 29, 2023 00:21:17.456804037 CET	290	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:17 GMT Content-Type: text/plain Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=20 Vary: Accept-Encoding X-Powered-By: PHP/5.3.10 Content-Encoding: gzip Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 140

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:21:05.214373112 CET	216	OUT	GET /cms/guajian.html HTTP/1.1 Accept: / Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Host: static.apc.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:05.338560104 CET	544	IN	HTTP/1.1 200 OK Date: Thu, 28 Dec 2023 23:21:05 GMT Content-Type: text/html Content-Length: 21 Connection: keep-alive Expires: Thu, 28 Dec 2023 14:12:01 GMT Server: Apache Last-Modified: Tue, 19 May 2020 09:34:07 GMT ETag: "1-5a5fcfb2905a3" Accept-Ranges: bytes Cache-Control: max-age=600 Content-Encoding: gzip Age: 33544 X-Cache: HIT from cache.51cdn.com X-Via: 1.1 PSrbJP1ty77:3 (Cdn Cache Server V2.0), 1.1 PS-DFW-04Eay52:9 (Cdn Cache Server V2.0) X-Ws-Request-Id: 658e02e1_PS-DFW-04xVs53_13627-23937 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 33 04 00 b7 ef dc 83 01 00 00 00 Data Ascii: 3

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Cryptography

Privilege Escalation

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\360\360Desktop\360Common.dll (copy)

C:\Program Files (x86)\360\360Desktop\360P2SP.dll (copy)

C:\Program Files (x86)\360\360Desktop\360Preview.ui (copy)

C:\Program Files (x86)\360\360Desktop\360Preview.xml (copy)

C:\Program Files (x86)\360\360Desktop\360Ver.dll (copy)

C:\Program Files (x86)\360\360Desktop\360dtpreview.exe (copy)

C:\Program Files (x86)\360\360Desktop\360net.dll (copy)

C:\Program Files (x86)\360\360Desktop\360verify.dll (copy)

C:\Program Files (x86)\360\360Desktop\7z.dll

C:\Program Files (x86)\360\360Desktop\Bin\360Apns.dll (copy)

C:\Program Files (x86)\360\360Desktop\Bin\360AppCenter.exe (copy)

C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe (copy)

C:\Program Files (x86)\360\360Desktop\Bin\360DTFence.dll (copy)

C:\Program Files (x86)\360\360Desktop\Bin\360DTNotify.exe (copy)

Windows Analysis Report
SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:21:05.237658024 CET	260	OUT	GET /index.php?c=WallPaper&a=getAppsByDigest&start=0&count=100 HTTP/1.1 Accept: / Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Host: wallpaper.apc.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:05.510531902 CET	417	IN	HTTP/1.1 200 OK Date: Thu, 28 Dec 2023 23:21:05 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Expires: Thu, 28 Dec 2023 23:26:06 GMT Server: nginx/1.16.1 Cache-Control: max-age=600 X-Cache: MISS from cache.51cdn.com X-Via: 1.1 PSrbJP1qr80:4 (Cdn Cache Server V2.0), 1.1 PS-DFW-04Eay52:14 (Cdn Cache Server V2.0) X-Ws-Request-Id: 658e02e1_PS-DFW-04Eay52_10633-14853
Dec 29, 2023 00:21:05.510551929 CET	1286	IN	Data Raw: 38 62 32 0d 0a 7b 22 65 72 72 6e 6f 22 3a 22 30 22 2c 22 65 72 72 6d 73 67 22 3a 22 5c 75 36 62 36 33 5c 75 35 65 33 38 22 2c 22 63 6f 6e 73 75 6d 65 22 3a 22 31 36 37 22 2c 22 74 6f 74 61 6c 22 3a 22 32 22 2c 22 64 61 74 61 22 3a 5b 7b 22 69 64 Data Ascii: 8b2{"errno":"0","errmsg":"\u6b63\u5e38","consume":"167","total":"2","data":[{"id":"2019255","class_id":"26","resolution":"3840x2160","url_mobile":"","url":"http:\/\/p1.qhimg.com\/bdr\/__85\/t01755cc43f58bff4ee.jpg","url_thumb":"http:\/\/p1.q
Dec 29, 2023 00:21:05.510565042 CET	947	IN	Data Raw: 64 72 5c 2f 5f 5f 38 35 5c 2f 74 30 31 63 65 64 65 65 30 38 65 39 62 39 64 30 37 66 37 2e 6a 70 67 22 2c 22 75 72 6c 5f 6d 69 64 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 70 38 2e 71 68 69 6d 67 2e 63 6f 6d 5c 2f 62 64 72 5c 2f 5f 5f 38 35 5c 2f 74 30 Data Ascii: dr\/__85\/t01cedee08e9b9d07f7.jpg","url_mid":"http:\/\/p8.qhimg.com\/bdr\/__85\/t01cedee08e9b9d07f7.jpg","download_times":"0","imgcut":"0","tag":"_\u5168\u90e8_ _category_\u5e73\u539f_ _category_\u65f7\u91ce_ _category_\u98ce\u666f\u5927\u72
Dec 29, 2023 00:21:05.510577917 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:21:06.308600903 CET	235	OUT	GET /bdm/1280_1024_85/t01755cc43f58bff4ee.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Host: p1.qhimg.com Connection: Keep-Alive
Dec 29, 2023 00:21:09.249387980 CET	1286	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 225829 Connection: keep-alive Date: Thu, 28 Dec 2023 23:21:09 GMT Last-Modified: Wed, 05 Jul 2023 13:10:38 GMT xzp: zhlbmrwuizeiralelsmlml Expires: Wed, 27 Mar 2024 23:21:09 GMT Cache-Control: s-maxage=7776000, max-age=7776000 Access-Control-Allow-Origin: * Timing-Allow-Origin: * XCS: HIT KCS-Via: MISS from w-fc01.lato;MISS from w-sc01.bjyt Accept-Ranges: bytes X-Cache: Miss from cloudfront Via: 1.1 0878f88c5343da8d67032ec6de2d7e04.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAH50-P2 X-Amz-Cf-Id: ioH7nDlJJb70_EgkYRtkOl-ECjM8fsMAmkcggXBpzil15VXEXNBWsQ== Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 01 2c 01 2c 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c2 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 01 02 00 03 04 05 06 07 08 ff c4 00 1a 01 01 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 f1 50 cd f3 10 c2 43 01 09 16 34 85 84 8b 1a 2a 96 82 92 4a e5 80 04 30 23 41 24 03 51 6d 66 88 a4 54 22 2f 8a 47 10 15 58 90 b6 48 24 55 34 40 e2 47 82 c6 82 47 82 47 94 91 a0 a1 e0 a1 e0 81 e0 91 a0 91 c1 9a fc fa db ae 30 61 43 c1 23 41 03 81 43 81 43 81 61 25 71 c0 81 c0 b0 c0 2b a8 a1 c0 b0 80 43 05 0c 01 08 00 60 02 08 b0 81 43 08 81 81 01 94 01 80 92 12 48 49 21 01 01 04 02 10 49 21 24 84 92 12 48 49 21 24 84 92 12 48 49 21 24 84 92 12 48 49 21 24 84 92 12 48 49 21 24 87 62 13 62 c6 80 8d 00 61 85 8d 05 26 28 8d 05 24 8a 49 16 34 02 5b 04 24 c6 79 aa 56 59 a4 c6 69 a1 cc 86 f7 32 cd 50 ce 34 31 90 e8 63 2c d7 0c 72 d4 2c b0 38 b1 a0 b1 a0 a1 e0 a1 e0 91 c0 a1 e0 85 a0 81 e5 20 b0 09 1e 1c dd 98 fa 59 f4 56 1a 5f 3a 47 14 82 c0 22 15 9b 71 62 dc 28 70 20 70 05 b1 45 0c 05 0e 00 ae a2 86 00 0c 05 0e a0 86 0a 18 0b 08 01 84 48 40 90 ac b1 d5 d1 21 15 01 80 06 02 48 49 21 24 84 0c a4 92 02 48 49 21 24 84 92 12 48 49 21 24 84 92 12 48 49 21 24 84 92 12 48 49 21 24 84 92 12 48 49 21 db 84 d8 b1 a0 09 80 8d 22 06 8a a4 c0 46 82 96 82 96 82 92 45 24 8b 18 c5 6e 40 09 61 56 d8 54 eb 60 b1 e0 ab 63 14 38 04 09 61 52 d8 07 b0 58 24 78 24 78 24 78 24 70 28 b0 09 1a 08 5a 08 1e 08 2c 02 3c d8 bc Data Ascii: JFIF,,C!"$"$C"PC4*J0#A$QmfT"/GXH$U4@GGG0aC#ACCa%q+C`CHI!I!$HI!$HI!$HI!$HI!$bba&($I4[$yVYi2P41c,r,8 YV_:G"qb(p pEH@!HI!$HI!$HI!$HI!$HI!$HI!"FE$n@aVT`c8aRX$x$x$x$p(Z,<
Dec 29, 2023 00:21:09.249455929 CET	1286	IN	Data Raw: 8e bf 37 d0 f2 f5 f9 bb 2d 4e 9e 64 8e 2e 10 3c ac f7 8b 31 de 95 b0 6b 82 07 14 81 c0 a1 a0 81 c0 81 c0 b0 92 b0 e0 40 ea 00 c0 58 60 a1 d4 58 60 b0 81 63 02 90 c3 1a 73 26 f2 03 01 61 04 06 00 18 09 21 24 81 10 8b 24 24 8e 56 47 58 e5 4d 4a b9 Data Ascii: 7-Nd.<1k@X`X`cs&a!$$$VGXMJR:=GEI3$$BI$$BI$;IQh,h#I"acc$XvTTk"\x'@k{WOtO:SK>=\|XH@(bVE
Dec 29, 2023 00:21:09.249633074 CET	1286	IN	Data Raw: 6e c3 17 58 96 fa 3c 55 8b 06 b9 d6 b6 02 b1 62 95 87 05 61 d4 45 b1 44 57 05 61 d4 40 e2 ab 57 10 a9 62 d5 61 d4 50 e8 45 60 55 21 cd 81 86 a2 82 00 0c 14 10 40 60 a0 c2 2b a0 24 81 56 06 a1 0e 74 99 fa 55 b7 6e fe 4d da d6 ae 76 fc 73 09 d1 be Data Ascii: nX<UbaEDWa@WbaPE`U!@`+$VtUnMvshfWi>~.o/+7Spn];8mHz]Ck6dmW:3Zu5e-}^g=4"T#chZ73gf*Vw+jl,`mv-oklwt+
Dec 29, 2023 00:21:09.249676943 CET	1286	IN	Data Raw: 13 ea c9 90 fb a4 65 b3 c7 44 27 e5 ee 07 00 25 49 e7 c7 63 1d b7 79 2e df 9a e9 cb d1 78 1f a5 79 2d 4e 27 42 8c 9d 65 bb 05 dc 49 d9 e2 77 21 df 19 ad da fc ef 41 76 f3 f1 b2 66 c1 d3 e6 cd d4 0a e3 d3 64 a0 90 b6 94 c9 d0 d3 bb 3a e4 71 fb 3c Data Ascii: eD'%Icy.xy-N'BeIw!Avfd:q<nq=]VtgtC=7^l:w6s^alRu+[]EVKmbjHPj 0PA( S Pj%y?AUowz'>Lk^O_~m{Fa<
Dec 29, 2023 00:21:09.249712944 CET	1286	IN	Data Raw: cf 66 79 75 70 b2 45 fa 6b d5 6e 74 e4 35 9d 2d 6b f4 7a c7 ba bf 2f 2f 5f c6 fd 11 a3 e6 37 e7 4d c6 eb f2 3e 83 37 c9 e5 7d 0b ce 27 8d 86 7a 31 66 8e 87 b8 cd f9 b5 3f 4f f9 ce 2f 8e e3 f5 3d 7e 3b 79 55 eb fb 94 f9 47 23 b5 cd c7 5f 55 e7 fa Data Ascii: fyupEknt5-kz//_7M>7}'z1f?O/=~;yUG#_Uy0is::M?<r{'oZ]VtHC7^GL^Gcey-Cq5XS5F]4S\|sQM0%j:\|?;z~}<:gmU)c
Dec 29, 2023 00:21:09.249749899 CET	1286	IN	Data Raw: 46 56 a2 59 a6 87 c8 d5 35 cb 65 89 3a 66 eb 69 d9 a8 e3 35 26 c9 8e c1 a6 6c b8 d7 b2 d5 d0 f4 38 df 92 f4 f8 28 d0 f8 cf 74 9d f9 7c ff 00 bd e9 3b 1e 7b c4 df d6 ab 59 c1 5e ca ae 6b f3 fd ae 5e ae 4b aa af 9e fb b4 f3 29 e9 93 9b 66 3e 5a 4b Data Ascii: FVY5e:fi5&l8(t\|;{Y^k^K)f>ZKc9jjWkS_^7:N}>*ueV&r'g6esj]o7s"U9~>_\|{S__dDZ!dHb(A$>Z=sO>'
Dec 29, 2023 00:21:09.249797106 CET	1286	IN	Data Raw: 82 af 31 eb 3c de a7 91 16 57 a9 5e bc 4a 69 c4 e0 a0 e4 dd 2f a6 ea 49 bc c9 20 9e 7f a3 cb 89 5b 59 1c dc ce cb ea b4 72 fb 36 0c 1a 35 ce be 7b cf fd 27 ca 39 f6 3d 57 84 b7 53 8d ec 7c f6 6e 5d fe 95 b7 cd e3 c6 b4 78 ae 67 4f af 2c 74 75 f1 Data Ascii: 1<W^Ji/I [Yr65{'9=WS\|n]xgO,tu{Tqtu4}O[qv~Kts.\9huVydFOs'~\}g>vRA6:Nk^\|;p\jP^KN&2HMzTg3ciE
Dec 29, 2023 00:21:09.249840975 CET	1286	IN	Data Raw: 9e da 6b c8 b3 5b 73 d2 db c1 eb eb 3e 6b 93 ee 3c 76 75 99 d2 d2 dd 16 ed 97 01 17 4d 62 1d 49 66 6d d9 74 ef 17 69 cf b2 06 2f 71 e1 63 67 b1 f2 9b 65 f4 d4 f3 3a 7e 5f 40 42 be bf 3c d4 bc 49 aa f9 7d 3e 0e b3 4d 71 91 3a 1d 6e e6 75 9b a1 cf Data Ascii: k[s>k<vuMbIfmti/qcge:~_@B<I}>Mq:nuT\[wK=J<]\|}\|MuyC+9F35#X5'g4-*Vf&MVUj6Mgu'2t0V0$e0d`]U(V[R\|Z{eTSY54BIgY"Y.
Dec 29, 2023 00:21:09.249880075 CET	1286	IN	Data Raw: 7b 3e 39 8e fc 23 59 dd 8f b1 c3 34 f4 f9 3a 0a 86 9c 27 68 73 af 2e e8 e0 6b 38 54 fa 3f 37 9d 5b 65 72 ac a6 c0 82 23 da 4a 94 71 25 ab ee 3c 3f 73 17 d7 46 ab 97 a5 e3 d5 2c 86 b9 75 53 d6 e1 67 b6 65 b6 9e fe 1d 32 b6 e5 e8 2b 14 20 05 8a 50 Data Ascii: {>9#Y4:'hs.k8T?7[er#Jq%<?sF,uSge2+ PdSks$/^VviM)<tsqjqu]<>cU;_I?3xoWnp&,tdY$FS<.,."Y=u[_\|7ijn3e23ao.(NW]"
Dec 29, 2023 00:21:09.249918938 CET	468	IN	Data Raw: 2d af 59 c5 4d 94 59 42 e9 ac aa 58 6a 97 67 4a 85 f2 5a 4d c4 a2 bd a0 ca bb 8a e2 1b e2 73 9b a2 65 e6 0e ac 5e 5c ea 14 e5 ce b1 97 90 fd 46 35 ab 0d e4 19 20 b2 da a9 2e be 31 97 82 13 28 db 53 cd 25 b4 e9 66 b5 b2 b8 6a 2e 6a f2 af db e4 eb Data Ascii: -YMYBXjgJZMse^\F5 .1(S%fj.j3}+vl04rBXZnJC*9oUe{hM4S^PF]N5Z_7Y7TvT[F{YH [[S^u]TJ[ e"HA-E)h
Dec 29, 2023 00:21:09.251718044 CET	1286	IN	Data Raw: 03 09 40 30 58 41 04 01 82 51 b2 97 90 40 a3 5d 9d ab a3 4d 29 2c 54 14 f2 b3 0e f5 31 b3 b7 e7 3a a5 7c be 9e 15 cd 2e 05 52 e3 19 c6 95 29 96 1a a8 5b 5d cc 80 a0 92 04 10 19 21 20 8a 60 84 92 11 94 a7 7b 36 84 f5 71 4d 52 fa 6e a5 5e 87 34 59 Data Ascii: @0XAQ@]M),T1:\|.R)[]! `{6qMRn^4Y\|8=6N9t0v[\fV(zOuSd]Wh$BHMKuh`ZXR$s^[{\FBIXT^9u/*3A#.[

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:21:10.372796059 CET	235	OUT	GET /bdm/1280_1024_85/t01cedee08e9b9d07f7.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Host: p8.qhimg.com Connection: Keep-Alive
Dec 29, 2023 00:21:10.948395967 CET	1286	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 298959 Connection: keep-alive Date: Thu, 28 Dec 2023 23:21:10 GMT Last-Modified: Wed, 02 Aug 2023 04:10:28 GMT xzp: zhlbmrwuizeiralelsmlml Expires: Wed, 27 Mar 2024 23:21:10 GMT Cache-Control: s-maxage=7776000, max-age=7776000 Access-Control-Allow-Origin: * Timing-Allow-Origin: * XCS: HIT KCS-Via: MISS from w-fc01.lato;MISS from w-sc09.zzzc Accept-Ranges: bytes X-Cache: Miss from cloudfront Via: 1.1 82888bfcd462dda403ae64a071327a74.cloudfront.net (CloudFront) X-Amz-Cf-Pop: DFW57-P3 X-Amz-Cf-Id: v4_7yBymcxYwfPSXan3rKPfqqTWKjJReo4gXVFBapFxYr13fxOlTPQ== Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c2 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 ff c4 00 1a 01 00 03 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 d7 9e ef 47 cc bc 4f 27 59 39 66 82 d7 1f 2d 83 3a 8b 65 aa 1d 72 e9 90 b8 ca 26 8d 09 4e ae 6a 71 39 a1 96 ec 45 74 cc 67 a0 aa 69 69 5b 96 c1 11 71 a7 33 59 65 a7 a2 4b 58 ac c6 89 dd b8 8b 1d c2 a8 9e 91 d1 51 c4 b0 af 36 c6 bf 54 e8 31 9f 19 68 ea 30 3b 92 37 9d b7 17 e7 e9 a5 9d d1 ce eb 49 bf cd d2 39 90 c5 32 1a 2a c0 80 a3 ed e3 e2 0e c0 52 06 d9 d9 46 63 65 b2 7a 89 bb 8d ec 72 4a f0 f4 e9 a8 ba ba 26 59 c8 26 b9 ec b7 86 f7 3e ce 63 95 3a 96 18 c9 d8 29 42 f4 a6 01 91 3d 73 29 44 e0 cb c2 ae 54 55 a5 6d 73 ea 82 fd 38 31 40 c8 13 a2 01 81 8e 81 22 a8 f7 c6 c3 98 d3 3a 44 45 c7 73 0d 67 79 37 d1 5a 92 d4 28 35 c7 a7 a6 a7 a6 6d 35 16 e9 9b 97 65 9e 6e 84 54 d4 cd d7 31 cc db 6c 58 a0 e6 2e 22 d5 a9 ac f4 d2 8e 98 17 77 73 23 ba 1c f7 74 04 f4 70 4d 7b 83 ad 59 64 cf 11 3a 75 a1 15 e9 86 ba 27 82 3a 78 27 bb 83 a6 24 38 83 94 cb 14 d5 cf 48 4b 53 2e 2f 88 22 5c 39 c1 be 5b 31 a3 98 ce 1b 30 9c 27 4a 8c 80 5b e3 a2 95 6a 89 81 4e 99 da 96 86 ac c2 97 9a 62 80 08 69 55 43 4d 38 e5 13 c3 7a 08 35 e9 e6 3d 95 b3 0a 45 ed 2d a6 50 d3 c7 62 a7 5c b1 19 78 8e ae 63 14 11 34 5e 19 11 c6 ad 15 5e 05 02 2c 09 81 f3 68 09 36 15 a4 69 91 df ca 34 5b 84 54 d9 6b 23 ea b0 1d 61 6b 95 ec 3b 20 86 0d Data Ascii: JFIFHHC!"$"$C"GO'Y9f-:er&Njq9Etgii[q3YeKXQ6T1h0;7I92*RFcezrJ&Y&>c:)B=s)DTUms81@":DEsgy7Z(5m5enT1lX."ws#tpM{Yd:u':x'$8HKS./"\9[10'J[jNbiUCM8z5=E-Pb\xc4^^,h6i4[Tk#ak;
Dec 29, 2023 00:21:10.948421001 CET	1286	IN	Data Raw: f3 d1 8b 24 38 b6 e1 2b 5c 39 c5 53 2d 4d 65 cc 1d 7b 52 29 8a de 39 fa 2a 40 8a a6 ed e7 75 4e cb 19 0f 72 74 d5 06 41 b6 71 d1 7b 86 64 a3 e7 dd 65 4f 3d 3c f5 9b 02 90 08 0b f4 73 e8 02 f5 e7 e8 57 ab 5e ae 69 af 15 cd 0b 6a 4d 86 dd 5a 83 19 Data Ascii: $8+\9S-Me{R)9*@uNrtAq{deO=<sW^ijMZ8Tu`:e)nE'S=8vZ&jLp=^uOG@OGX'G^Jqt#'qT$\R4,PcLcM0:v:e6sL45.~tAQdms
Dec 29, 2023 00:21:10.948437929 CET	1286	IN	Data Raw: ee e0 ee ee 17 77 73 3b bb 82 d6 1f 22 7b ba 97 4c 70 74 4c 25 dd dc c9 e8 e4 5b ab c1 7e af 0e dd 5e 09 ee e6 fb bb 85 d3 12 9f 77 70 fa 26 05 dd dc ce ee 81 4f 57 82 d1 1c 2e e8 91 31 1d d1 a4 77 73 3a 3b 83 a2 78 2b dd c1 dd dc ce ee e6 a3 a7 Data Ascii: ws;"{LptL%[~^wp&OW.1ws:;x+0wpwwwpwZ>18rR&Z/'fV-V-kt]wwD=OwwptpwwwH{GwI]<j:ywwDD
Dec 29, 2023 00:21:10.948451996 CET	1286	IN	Data Raw: 6b b4 92 9a 24 b9 c3 6d c5 dc f2 fa 4b a7 43 32 f4 5a 94 ac 7a 1c 77 91 48 54 95 e0 98 e8 1f 4c 70 89 21 80 6a 17 20 89 43 40 84 6a 48 ed 42 55 13 42 70 07 af 46 a2 d3 20 2b 5a 05 c7 05 c1 9b 23 2d 3b 28 40 3d 29 72 6c 86 9d 35 69 1c b2 d1 d0 14 Data Ascii: k$mKC2ZzwHTLp!j C@jHBUBpF +Z#-;(@=)rl5iP`<2kV6]wJ?6}vyHt"-;U4di\yj8j_ZE9V,RR1IGpD5E.D2\"L5K*IrQIP -)fQ%0%Z,
Dec 29, 2023 00:21:10.948470116 CET	1286	IN	Data Raw: 0a b1 42 34 60 d6 66 a9 63 8d 01 69 7b 36 a8 d9 5b 4c da 81 05 0b 6c 60 fa 2a 30 a1 c9 d3 23 ab a5 9b 96 a9 ea 67 ed e9 9a 95 68 59 d0 06 50 e9 1a 29 ea 67 67 a0 b4 92 7c 54 00 c4 d3 46 1b 79 6c 1e 32 02 93 c5 c2 8b 32 bd c8 75 2a 6c ed 5c ad 5c Data Ascii: B4`fci{6[Ll`0#ghYP)gg\|TFyl22ul\\Ip\D9-v7\|Co~>F~x`jhzd0m6Y^Yd$fSj0Vk;O]}G#-tvn(zBl 9#tsz2]&
Dec 29, 2023 00:21:10.948482037 CET	1286	IN	Data Raw: 68 d1 54 ab 7c 0c b4 18 16 7f 6c 98 d5 f2 be ab 93 b3 47 07 69 2e 7d d9 35 97 8a 59 8a 45 e6 b3 29 5f 5c 9d 65 63 73 75 52 d4 b0 65 b8 47 d9 e6 f4 1e 42 79 c3 b0 cb dc 9b 62 79 1f 53 e6 bd 3e 20 fb 4f 1d ee b3 bf 9b ec 87 d1 ed 09 e3 bf a1 86 fa Data Ascii: hT\|lGi.}5YE)_\ecsuReGBybyS> Owfce<m<\gj+9e8l1i&65\s+/{mdXz`Al":[]-^]>~g?SG{i~#f?4_
Dec 29, 2023 00:21:10.948498964 CET	1286	IN	Data Raw: 69 f4 f7 90 4b 25 e5 28 3d 14 94 e2 ea 60 6a f4 c6 40 b5 3c 6f 76 0e 6f 78 2f 45 b4 fa 2d 25 d3 f2 bb bc b0 d4 af bf e4 0a 45 7d f2 d0 f4 7e 48 38 69 e9 3c fb 21 61 7e 87 f3 df 5f cb a7 a3 15 c5 e2 fa 29 5a d5 d4 83 0b ab 28 d2 14 e1 64 81 74 b6 Data Ascii: iK%(=`j@<ovox/E-%E}~H8i<!a~_)Z(dt<'y?uUEz\|\|klq'"m[7K;*:y9=xy711WMmp4+r:5kf8[ERjz\idM-M
Dec 29, 2023 00:21:10.948512077 CET	1286	IN	Data Raw: 7d ce 15 fa 9a 3d bc 34 b6 92 18 6a df a0 77 1f cc ee 6f 79 1d 4e 0d fc ae c2 8c ea 94 f0 9e fb e7 be a7 15 67 af e9 72 27 a4 86 8c b1 d2 c3 55 5b 54 37 8b 55 61 79 d2 e7 58 d2 c9 51 c2 7e ee 99 ce f8 7e 96 f6 7b be 27 2b dc dd f1 1e c5 ac 1f 25 Data Ascii: }=4jwoyNgr'U[T7UayXQ~~{'+%q"Ur_^y{xy}22tGS1y<eB=\(L(oUzC"\:]Ne4\QYp!cbr^+mKS_[fFUr0}$}g>dl\|E=cW
Dec 29, 2023 00:21:10.948528051 CET	1286	IN	Data Raw: 78 1f 79 e0 e2 a9 6a 13 d1 e1 bb 69 b3 14 32 88 ea ab 30 41 2f 0d d6 a4 15 60 61 13 58 01 c7 4b 4c 64 6b e4 b4 1d 9c bd 66 ad 13 19 69 71 da a3 b7 5e 15 2c 75 db 6b 2d c5 99 a8 6a b7 ae 3b fa ef 47 e1 bd bf cd fb 58 cd ba 2a c7 29 ed 31 13 84 30 Data Ascii: xyji20A/`aXKLdkfiq^,uk-j;GX*)10-Gwm~{[).s,3Ih,VV(^#!zzp,;1\|_}J8qGW8Z~{-kFXyz:-;EjcJmAmjrU{VjX^)yH{q
Dec 29, 2023 00:21:10.948544979 CET	1286	IN	Data Raw: 93 8a 8f d1 46 ae 21 31 8e ab 66 18 5b 63 ed 16 ea f0 7a 0e b7 8b a1 9e 83 c7 38 fb bc fc b0 58 7e a7 92 4b d6 b5 36 61 47 a6 b5 78 37 c3 5c 13 36 1d 33 b8 74 e8 19 83 79 0b 9a cd 89 53 42 52 06 32 53 99 31 6b 21 89 86 33 bb ae fa 92 d4 6d 71 da Data Ascii: F!1f[cz8X~K6aGx7\63tySBR2S1k!3mqdao!SskVofjkVjgk3n\|;gz>W}37=?{>C=({^y@9Cug't<G8<xzKhJsox[f=v6F;\|
Dec 29, 2023 00:21:10.952131987 CET	1286	IN	Data Raw: 49 31 49 b9 6a 81 99 a9 28 61 8c 5d 61 8a 4c 22 0c 25 50 6e 5a c9 7e f4 96 7d 4e 1b 92 b8 13 0d 4b 7b ce f7 0d 4a 3a 36 87 29 d8 46 d3 3d 3d 9c cd 6f 0b df c0 ab b6 55 a4 46 05 c9 d3 89 76 d3 e9 cb 56 1a 47 23 c7 a8 c0 3d af 20 75 a8 af 31 d8 56 Data Ascii: I1Ij(a]aL"%PnZ~}NK{J:6)F==oUFvVG#= u1VqQ}z=os3^P%g:BT/Ta<pIpVa3tj!4/;*Drq6#(7QmKXk&&,g9 C4^#W#4U:7H

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:21:13.175393105 CET	346	OUT	GET /wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa&w=6.2&t=6671437&active=0 HTTP/1.1 Accept: / Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Host: res.qhupdate.com Connection: Keep-Alive
Dec 29, 2023 00:21:25.534214973 CET	290	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:25 GMT Content-Type: text/plain Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=20 Vary: Accept-Encoding X-Powered-By: PHP/5.3.10 Content-Encoding: gzip Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 140

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:21:34.521137953 CET	940	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32664&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:34.834193945 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:34 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:15 GMT Connection: keep-alive ETag: "5bd6a4bf-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:34.834882975 CET	390	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=32713&r3=1280x1024 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:35.148144960 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:34 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:15 GMT Connection: keep-alive ETag: "5bd6a4bf-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:35.439212084 CET	381	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=122367&r2=3671 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:35.752511978 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:35 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:15 GMT Connection: keep-alive ETag: "5bd6a4bf-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:35.893788099 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=5251 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:36.206840992 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:36 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:15 GMT Connection: keep-alive ETag: "5bd6a4bf-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:39.808753967 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=18212 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:40.121747017 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:39 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:15 GMT Connection: keep-alive ETag: "5bd6a4bf-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:46.362438917 CET	375	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=6873 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:46.676083088 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:46 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:15 GMT Connection: keep-alive ETag: "5bd6a4bf-0" Accept-Ranges: bytes
Dec 29, 2023 00:21:53.358885050 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=29683 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:21:53.672358990 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:53 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:15 GMT Connection: keep-alive ETag: "5bd6a4bf-0" Accept-Ranges: bytes
Dec 29, 2023 00:22:01.863946915 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=08bcc5cf9e3fc589107741a5e999ecfa&ver=2.6.0.1110&r1=0&r2=24722 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:22:02.177149057 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:22:02 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:15 GMT Connection: keep-alive ETag: "5bd6a4bf-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:21:36.027446985 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:21:36.348258018 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:36 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:32:04 GMT Connection: close ETag: "6295d284-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:21:40.043870926 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=08bcc5cf9e3fc589107741a5e999ecfa HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:21:40.356060982 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:21:40 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:33 GMT Connection: close ETag: "6295d265-0" Accept-Ranges: bytes

Target ID:	0
Start time:	00:19:54
Start date:	29/12/2023
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
Imagebase:	0xbd0000
File size:	22'004'296 bytes
MD5 hash:	AAE3EEDBDC1B1A99F7C2844F85352692
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	00:20:06
Start date:	29/12/2023
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Imagebase:	0x760000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	10
Start time:	00:20:39
Start date:	29/12/2023
Path:	C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe"
Imagebase:	0xb60000
File size:	256'872 bytes
MD5 hash:	DEC58427DAFCCF050DA9AC893E28407C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true