Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
Analysis ID:	1367834
MD5:	aae3eedbdc1b1a99f7c2844f85352692
SHA1:	8025c689f73816e6c275e38002649d91244d6db2
SHA256:	2c1d65f58f07ad391492f0c0b1c335321f7b0d6e9f41218e04404e7b58692ddb
Tags:	exe
Infos:

Detection

Score:	54
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	17
Range:	0 - 100

Signatures

Yara detected AntiVM3

Contains functionality to infect the boot sector

Creates an undocumented autostart registry key

Flash file may contain encrypted javascript

Query firmware table information (likely to detect VMs)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

AV process strings found (often used to terminate AV products)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

DLL planting / hijacking vulnerabilities found

Detected potential crypto function

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

EXE planting / hijacking vulnerabilities found

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evaded block containing many API calls

Found evasive API chain (date check)

Found evasive API chain (may stop execution after checking a module file name)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file contains strange resources

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Registers a DLL

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe (PID: 6196 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe MD5: AAE3EEDBDC1B1A99F7C2844F85352692)

regsvr32.exe (PID: 3668 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 5692 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 2076 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

360TopbarASS.exe (PID: 3176 cmdline: "C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe" MD5: DEC58427DAFCCF050DA9AC893E28407C)

regsvr32.exe (PID: 3668 cmdline: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 4508 cmdline: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 6784 cmdline: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 5380 cmdline: /s "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

GBInst.exe (PID: 4072 cmdline: "C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe" /S MD5: 32DC2FA6DB8B8809B12A8CAD215C69FD)

360wpappInstaller_zhuomian.exe (PID: 5884 cmdline: "C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe" /S /Pzhuomian MD5: 02C91D3BE856789E1711C37649F382CC)

flashApp.exe (PID: 5004 cmdline: "C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe" onlyimport MD5: 28580334E670277D005E38D4C9E65CFD)

360DesktopSwitch64.exe (PID: 4764 cmdline: "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe" /unloaddtswitcher MD5: 476B86E7D05550919702E25541927DA5)

regsvr32.exe (PID: 5808 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 1984 cmdline: /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

regsvr32.exe (PID: 5256 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 432 cmdline: "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

360TopBar.exe (PID: 2860 cmdline: "C:\Program Files (x86)\360\360Desktop\Bin\360Topbar.exe" /autorun MD5: B70E8845A3DFB674910975E6D0C061EC)

WerFault.exe (PID: 6968 cmdline: C:\Windows\system32\WerFault.exe -u -p 1028 -s 10624 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

explorer.exe (PID: 1784 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

WerFault.exe (PID: 5012 cmdline: C:\Windows\system32\WerFault.exe -u -p 1784 -s 4932 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

explorer.exe (PID: 6668 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\360seNotify.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe PID: 6196	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_021C3210 CryptCATAdminReleaseContext,	15_2_021C3210
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_021C3230 CreateFileW,LocalAlloc,LocalAlloc,LocalFree,CryptCATAdminCalcHashFromFileHandle,GetLastError,LocalFree,LocalAlloc,CloseHandle,	15_2_021C3230
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_021C3560 lstrlenA,MultiByteToWideChar,WinVerifyTrust,WTHelperProvDataFromStateData,WTHelperGetProvSignerFromChain,WTHelperGetProvCertFromChain,CertGetNameStringA,WinVerifyTrust,lstrlenA,MultiByteToWideChar,CryptCATAdminEnumCatalogFromHash,CryptCATAdminReleaseCatalogContext,LocalFree,	15_2_021C3560
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_021C37D0 CryptCATAdminAcquireContext,CryptCATAdminEnumCatalogFromHash,CryptCATAdminReleaseCatalogContext,LocalFree,	15_2_021C37D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C36E990 CryptBinaryToStringA,	16_2_6C36E990
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C37A460 CryptDestroyHash,	16_2_6C37A460
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C37A440 CryptDestroyKey,	16_2_6C37A440
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C36E6C0 CryptBinaryToStringA,_memmove_s,_memcpy_s,	16_2_6C36E6C0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3BA7A4 _LocaleUpdate::_LocaleUpdate,_strlen,CryptBinaryToStringA,_strlen,	16_2_6C3BA7A4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C37A030 CryptReleaseContext,	16_2_6C37A030
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C37E090 CryptGetHashParam,	16_2_6C37E090
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C37A120 CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,_memset,lstrcpynA,CryptImportKey,CryptCreateHash,CryptSetHashParam,CryptHashData,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,	16_2_6C37A120
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C37A320 CryptGetHashParam,CryptGetHashParam,CryptGetHashParam,	16_2_6C37A320
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3D3420 CertOpenStore,CryptMsgOpenToDecode,CryptMsgUpdate,CertCloseStore,CryptMsgClose,	16_2_6C3D3420
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C393560 CryptUnprotectData,	16_2_6C393560
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3932A0 CryptProtectData,LocalFree,	16_2_6C3932A0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C393360 CryptUnprotectData,	16_2_6C393360
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C36B380 CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,	16_2_6C36B380
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3F13E0 CryptDestroyKey,	16_2_6C3F13E0

Privilege Escalation

DLL planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: LINKINFO.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: MSIMG32.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\PDown.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeature360Control.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	DLL: C:\Users\user\AppData\Roaming\360bizhi\NotifyDown.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\AppcenterDataGb.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\somcoredt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: MSASN1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\img_reader.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: VERSION.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\7z.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: cscapi.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\safelive.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: WININET.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: NETAPI32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: Cabinet.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\360NetUL.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\360Login.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\NotifyDown.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360P2SP.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\somkernldt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: DEVRTL.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\LiveUpd360.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: IPHLPAPI.DLL	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeatureKernel.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\GameBox.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\GameBoxCore.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360net.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: Wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: TextShaping.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	DLL: C:\Users\user\AppData\Roaming\360bizhi\360verify.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360verify.dll

EXE planting / hijacking vulnerabilities found

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpup.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\DTCrashReport.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\oauthlogin.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\DTCrashReport.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	EXE: regsvr32.exe	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\360GbApp.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\360GameBox.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Uninstall.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\SetupUtilDT.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\Uninstall.exe

Compliance

DLL planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: LINKINFO.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: MSIMG32.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\PDown.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeature360Control.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	DLL: C:\Users\user\AppData\Roaming\360bizhi\NotifyDown.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\AppcenterDataGb.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\somcoredt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: MSASN1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\img_reader.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: VERSION.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\7z.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: cscapi.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\safelive.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: WININET.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: NETAPI32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: Cabinet.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\360NetUL.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\360Login.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\NotifyDown.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360P2SP.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\somkernldt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: DEVRTL.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\LiveUpd360.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: IPHLPAPI.DLL	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeatureKernel.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\GameBox.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\Bin\GameBoxCore.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360net.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: Wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	DLL: TextShaping.dll	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	DLL: C:\Users\user\AppData\Roaming\360bizhi\360verify.dll
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	DLL: C:\Users\user\AppData\Local\360GameBox\360verify.dll

EXE planting / hijacking vulnerabilities found

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpup.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\DTCrashReport.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\oauthlogin.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\DTCrashReport.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	EXE: regsvr32.exe	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\360GbApp.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\360GameBox.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Uninstall.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	EXE: C:\Users\user\AppData\Local\360GameBox\Bin\SetupUtilDT.exe
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	EXE: C:\Users\user\AppData\Roaming\360bizhi\Uninstall.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: D:\360se3\trunk\extension\AppBase\wxsqlite3.7.2\bin\sqlite3.pdbNB10k source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb`` source: GBInst.exe, 0000000D.00000002.2546487459.000000000040B000.00000004.00000001.01000000.0000000E.sdmp
Source:	Binary string: e:\build\360DeskTop\UiFeatureControlSrc\UiFeature\Src\Pdb\UiFeature360Control.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B050000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2509212496.000000000357C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360se3\trunk\extension\AppBase\wxsqlite3.7.2\bin\sqlite3.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\shell360dt64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2558990791.00007FF8B8CEB000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: E:\build\360browser\src\DreamWork\TheWorld\TheWorld\TheWorld___Win32_Release_Unicode\360mwapp.pdbNB10K source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtwebframe.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\Bin\360DeskTop\Release\BizPluginCake.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb8pJ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\shell360ext.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360NetUL\bin\360NetUL.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008D81000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2497316206.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: P:\intermoutput\3\360Login_ForDeskTop\Release\360Login.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360DesktopUi.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_2.6.0.1080_20130226\bin\360DeskTop\Release\360DesktopAssistant.pdbt source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DTNotify.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBox.pdb5 source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2501426282.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\SML_Shutdown_for_DT\Output\Bin\Release\RegularShutdown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000968D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360MsgPushCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopSwitch64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\7z_%209.20.0.1020_20120420_A\bin\Release\7z.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2043012277.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2482042900.00000000005A9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\7z_%209.20.0.1020_20120420_A\bin\Release\7z.pdbx source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2043012277.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2482042900.00000000005A9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360DTSwitchBar.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Work\360se\extension2010\ExtNetIncrement\Output\ExtNetIncrement.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\desktoptool.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: P:\intermoutput\3\360Login_ForDeskTop\Release\360Login.pdb\ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360ZMUDetail.pdb0` source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: P:\intermoutput\3\360Login_ForDeskTop\Release\360Login.pdb\Al source: flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SetupUtilDT.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\DownDll\Release\LiveUpd360.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000954C000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2490485754.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\bin\360DeskTop\Release\AppcenterDataGb.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000911E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2500257404.000000000358D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopSwitch.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360Wapp.pdbXp\ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlproc_1.2.8\CheckedBuildWithPDB\urlproc.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009BA1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtwebbrowser.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000832C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Net_2\Release\360net.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008D81000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2487820669.00000000005C8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopMenu.pdbh source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360se\360se3\trunk\extension_store\Down360seNotify\Release\NotifyDown.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009647000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2507348840.0000000003571000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBoxCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503231467.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360DeskTop\src\Release\360TopBar.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000016.00000002.2612965104.0000000000219000.00000002.00000001.01000000.0000001D.sdmp, 360TopBar.exe, 00000016.00000000.2548217131.0000000000219000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\release\360wallpaper\version\360wpup.pdb source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtswitcher64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb``y source: GBInst.exe, 0000000D.00000002.2552193222.0000000003792000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360Wapp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\dtappcore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000092D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtswitcher.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\CloudTaskCenter_naive.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000092D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpapp.pdb source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360AppCenter.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006BF2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\BoxUI.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_1.4.0.1085_20110902\bin\360DeskTop\Release\RegSMWebProxy.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\release\360wallpaper\version\360wpup.pdbL source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360DeskTop\src\Release\UiPluginCake.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009B29000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B087000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\build\onlineinstaller\Release\360Inst.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\AppUpdate.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360Apns.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360weibo.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpsrv.pdbxQJ source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\360Down\Release\LiveUpdate360.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_2.6.0.1080_20130226\bin\360DeskTop\Release\360DesktopAssistant.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360Ver.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2608003325.0000000003C54000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008E93000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2485680529.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\SML_Shutdown_for_DT\Output\Bin\Release\RegularShutdown.pdbP source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000968D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360ZMUDetail.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\DTCrashReport.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2499422068.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\somcore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlprocnet_1.2.4\CheckedBuildWithPDB\urlprocnet.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009BA1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429415030.0000000003FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtfilm.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SomSoftMgrdt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\somQuickInstdt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpsrv.pdb source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360Desktop.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\svn\360desktop\branches\2.0.0.1120_201207016_B\Output\Bin\Release\SoftMgrLiteBase.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DTFence.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SMWebProxydt.pdbp source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\Release\360wallpaper\version\DTCrashReport.pdb source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\360P2SP_2\360P2SP\Release\360P2SP.pdb`` source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\onlineinstaller\Release\360Inst.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360Desktop_20120814_2.3Release_appcore\bin\360DeskTop\Release\360AppCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000016.00000003.2610280460.00000000030E1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\flashApp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2479671082.0000000002CE3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000083EE000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000000.2482543383.00000000001F4000.00000002.00000001.01000000.00000010.sdmp, flashApp.exe, 00000010.00000002.2486101694.00000000001F4000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: E:\build\360browser\src\DreamWork\TheWorld\TheWorld\TheWorld___Win32_Release_Unicode\360mwapp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\code_svn\360SoftMgr\branches\GameMaster_1125_for_360dt\Output\Bin\Release\AppCenterCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360se\360se3\trunk\extension_store\Down360seNotify\Release\NotifyDown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009647000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2507348840.0000000003571000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360FeedBack\Release\360FeedBack.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360Login\Release\oauthlogin.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\bin\360DeskTop\Release\360GbApp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\DTQuickInstProxy.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000832C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpapp.pdbH source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopMenu.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\PDown\Release\PDown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009647000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2490747591.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlproc_1.2.8\CheckedBuildWithPDB\urlproc.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009BA1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\Safelive\ReleaseUMinDependency\Safelive.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000096F8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2492077094.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\bin\Release\MiniUI.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2406322166.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2047064905.000000000377D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2611106336.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2456398831.0000000003DC9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2047343657.0000000003DE8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2274600628.0000000000AD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2052214824.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\DTShutdown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SMWebProxydt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\360P2SP_2\360P2SP\Release\360P2SP.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2501426282.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\somkernldt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\UpdateTool.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360DesktopSetup\360TopbarASS\Release\360TopbarASS.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, 360TopbarASS.exe, 00000007.00000000.2447871998.0000000000B08000.00000002.00000001.01000000.0000000A.sdmp, 360TopbarASS.exe, 00000007.00000002.2455079953.0000000000B08000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb source: GBInst.exe, 0000000D.00000002.2552193222.0000000003792000.00000002.00000001.01000000.0000001A.sdmp, GBInst.exe, 0000000D.00000002.2546487459.000000000040B000.00000004.00000001.01000000.0000000E.sdmp
Source:	Binary string: e:\360DeskTop_2.2.0.1070_20120618\bin\360DeskTop\Release\MsgBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000095D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb8pw source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: E:\repos\urlprocnet_1.2.4\CheckedBuildWithPDB\urlprocnet.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009BA1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429415030.0000000003FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\AppcenterData.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\360GameBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\MusicIEFrame.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\02.WINDOWS\01.MyWork\01.UiFeature\01.SvnKing\trunk\KernelVersionCompany\Bin\Release\UiFeatureKernel.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009B29000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B087000.00000004.00001000.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2511568800.0000000003571000.00000004.00000020.00020000.00000000.sdmp

Spreading

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	13_2_00405368
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_00405D3A FindFirstFileA,FindClose,	13_2_00405D3A
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_00402630 FindFirstFileA,	13_2_00402630
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	15_2_00405368
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_00405D3A FindFirstFileA,FindClose,	15_2_00405D3A
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_00402630 FindFirstFileA,	15_2_00402630
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C34EF80 _memset,_memset,PathAddBackslashW,FindFirstFileW,_memset,PathAddBackslashW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,	16_2_6C34EF80

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData	Jump to behavior

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 171.8.167.89 171.8.167.89

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=1&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=6648 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29968 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24957 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=13209 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=1772 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23407 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7933&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=37062&r2=15793 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=17067 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=18640 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=18640 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=13322 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=8772 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=30407 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=20906 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23303&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23303&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23303&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23355&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=105189&r2=24629 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=25445 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=10282 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=474 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24763 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24812&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24812&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24812&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24865&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=152251&r2=26191 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=26498 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=16128 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=4740 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22292&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=179645&r2=23925 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24539 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=26734 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=20600 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29120&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29120&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29120&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29172&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=203246&r2=29887 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=30243 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=10129 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=11343 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21446&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21446&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21446&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21499&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=228113&r2=22263 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22619 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=1538 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23630 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7343&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7343&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7343&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7395&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=254324&r2=9077 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=9384 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22394 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=15343 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 7_2_00AE8060 InternetReadFile,

7_2_00AE8060

Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=1&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=6648 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29968 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24957 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=13209 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=1772 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23407 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7933&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=37062&r2=15793 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=17067 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=1&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=18640 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=18640 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=13322 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=8772 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=30407 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=20906 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23303&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23303&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23303&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23355&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=105189&r2=24629 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=25445 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=10282 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=474 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24763 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24812&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24812&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24812&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24865&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=152251&r2=26191 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=26498 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=16128 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=4740 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22292&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=179645&r2=23925 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24539 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=26734 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=20600 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29120&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29120&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29120&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29172&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=203246&r2=29887 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=30243 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=10129 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=11343 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21446&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21446&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21446&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21499&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=228113&r2=22263 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22619 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=1538 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23630 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7343&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7343&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7343&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7395&r3=1280x1024 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=254324&r2=9077 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=9384 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0Host: s.360.cnUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22394 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=15343 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: s.360.cn

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ftp://https://.org.net.com.net.cn.com.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/%s.trt
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/%u%u.html
Source: flashApp.exe	String found in binary or memory: http://%s/api.php?
Source: flashApp.exe	String found in binary or memory: http://%s/checkpwc.php
Source: flashApp.exe	String found in binary or memory: http://%s/intf.php
Source: flashApp.exe	String found in binary or memory: http://%s/intf.php?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://%s?https://%s?&from=parad=login.360.cnhttp://%s/intf.php?https://%s/intf.php?method=UserIntf.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009647000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2507348840.0000000003571000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1/%s;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1/%sfilename=resourcesfilesmetalink:/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://agd.p.360.cnSOFTWARE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.go108.cn/360zm/json/astro_everyday/day/Horoscope:%dlovecareer
Source: flashApp.exe	String found in binary or memory: http://api.qcloud.360.cn/intf.php
Source: flashApp.exe	String found in binary or memory: http://api.renren.com/restserver.do
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://api.renren.com/restserver.do%utinyurlWWW-Authenticate
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.renren.com/restserver.doSV
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.renren.com/restserver.doSVW
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.renren.com/restserver.doU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/account/verify_credentials.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/account/verify_credentials.json?U
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/oauth/access_token
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/oauth/access_token?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/statuses/update.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.163.com/statuses/upload.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/%s/%s/members.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/%s/lists/%s/statuses.xmlper_pagehttp://api.t.sina.com.cn/statuses/user_time
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/account/verify_credentials.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/account/verify_credentials.xml?source=U
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/favorites.xmlhttps://api.weibo.com/2/favorites.jsonfavorites
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/friendships/create.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://api.t.sina.com.cn/friendships/create/%s.json?source=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/friendships/show.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://api.t.sina.com.cn/oauth/access_token
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://api.t.sina.com.cn/oauth/access_tokenhttp://api.t.sina.com.cn/users/show/%s.json?source=%shttp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/shortUrl.xmlurl_shorttypeurl_longhttp://api.t.sina.com.cn/friendships/creat
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/counts.xmlhttps://api.weibo.com/2/statuses/count.jsoncountrtrepost
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/followers.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/friends.xmlhttps://api.weibo.com/2/friendships/friends.jsonnext_cu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/friends_timeline.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/mentions.xmlhttps://api.weibo.com/2/statuses/mentions.jsonhttps://
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/repost.xmlhttps://api.weibo.com/2/statuses/repost.jsonid=&status=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/update.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/update.xmlU
Source: flashApp.exe	String found in binary or memory: http://api.t.sina.com.cn/statuses/upload.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/upload.xmlU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/upload.xmlhttp://api.t.sina.com.cn/statuses/update.xmlhttps://api.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://api.t.sina.com.cn/statuses/upload.xmlstatus&oauth_signatureOAuth
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/users/show.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.t.sina.com.cn/users/show.xmlhttps://api.weibo.com/2/users/show.jsoncmttypemention_status2
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://api.t.sina.com.cn/users/show/%s.json?source=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auto.search.msn.comGIF89a
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bbs.360.cn/5473920.htmlCPictureGridPicker::ScrollTo:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bbs.360safe.com/forum-883-1.htmlhttp://weibo.com/360gamebox%s?action=mgbosskey&state=%d&from=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000071FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bbs.360safe.com/forum.php?mod=forumdisplay&fid=118&tj=pczhuomian360FeedBack.xmlSoftware
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bbs.ioage.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bbs.ioage.com/cn/forum-33-1.html
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bdmbdr//dr/%d_%d_%d.jpg%d_%d_%d_%dmuti_desc%d_%dspecial_%d_%d/bdm/%d_%d_%dclass_idurl_thumb31
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bizhi.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000083EE000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000000.2482543383.00000000001F4000.00000002.00000001.01000000.00000010.sdmp, flashApp.exe, 00000010.00000002.2486101694.00000000001F4000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://bizhi.360.cn/
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bizhi.360.cn/#360
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bizhi.360.cn/uploadwallpaper.html360
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007A7B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bsalsa.com/
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2596015892.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2596015892.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000071FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://care.help.360.cn/care/uploadverifytagsys
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdata.browser.360.cn/api.php?a=switch&m=set&stamp=%s&sign=%s&qt=%s&app=%s&status=%sExt-Data;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=Ad&a=show&appid=%lu&m=%s&modulever=%s&appver=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=AppRelate&a=showList&appid=%lu&mid=%s&modulever=%s&appver=%s&bd=%d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientApp&a=getAppStatus&dtver=%s&mid=%sversion%lu%%3A%s%%2Capps=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000911E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2500257404.000000000358D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientApp&a=getInfoByAppid&appid=%s&display_column=utag
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000911E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2500257404.000000000358D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientApp&a=getListByTag&cid=%lu&page=%lu&sort=%s&tag=%s&ver=v2htt
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000911E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2500257404.000000000358D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientApp&a=getPresetUpdateApps%shttp://cdn.apc.360.cn/index.php?c
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientApp&a=getRecommendApps2&appid=%d&mid=%s&dtver=%s&mode=%dhttp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000911E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2500257404.000000000358D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=ClientClass&a=getList&ver=v2http://cdn.apc.360.cn/index.php?c=Clie
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBox&a=detailV2&appid=%dGameDownloadResultLaunchGame
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503231467.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBox&a=detailV2&appid=%dopenMobileMgrisMobileMgrExistis360SafeE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBox&a=detailV2&appid=%dyingyongdianjihttp://stat.apc.360safe.c
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBox&a=getEvent&qid=%s&event=%s84D988A6-79F3-3360-01CN-BE29SDES
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBox&a=getTimeTamptimefix/w
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=GameBoxClient&a=championNotice&qid=%sapp_namerival_name
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=VideoScreen&a=getPlayInfo&appid=%utitlesrc_allplay_titles
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=WallPaper&a=getAppsByTagsFromCategory&from=360desktop&cids=%d&tags
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=WallPaper&a=getAppsInfoByIds&ids=%sDownloadFavoriteProcess
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=WebApp&a=show&appid=%lu&from=360dtclosesuccrawUrlloginedUrl%st
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.apc.360.cn/index.php?c=WebApp&a=show&appid=%lu&from=360dtsuccrawUrlloginedUrlweb
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.weather.hao.360.cn/sed_api_weather_info.php?app=desktop&fmt=json&code=%darea(%
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.weather.hao.360.cn/sed_api_weather_info.php?app=safeDestop&fmt=json&code=%shttp://weather
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://chrome.360.cn/pdown://h3=60
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://client.apc.360.cn/cms/360dtconf.inid
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000092D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cloud.openapi.360.cncookie_qcookie_t/app/add_list?uid=%s&ver=1.0Content-Type:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cmsg.browser.360.cn/api.php?qt=Get
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.geotrust.com/crls/gtglobal.crl04
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489590698.00000000005EB000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2526016726.00000000037C6000.00000004.00001000.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteCodeSigningCA.crl0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489590698.00000000005EB000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2526016726.00000000037C6000.00000004.00001000.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0
Source: explorer.exe, 00000014.00000000.2501641218.0000000000F13000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2585762632.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.v
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2596015892.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2596015892.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2596015892.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2596015892.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dapp.wan.360.cn/360desk/mhxx?scrol=no&height=&r=1328833800D
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://data.weibo.com/top/topic?t=hourU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://desk.score.svc.1360.com/get?qid=%s&sign=%sLoginBallShowCountLoginGuideShowLLoginGuideShowHGui
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://desk.score.svc.1360.com/incr?event=%s&qid=%s&value=%d&sign=%s%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://desktop.360.cn/update/update.nxdbupdate.nxdb.newupdate.xdb.new
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.360safe.com/softmupdate/onekeyinstall.cabpdown://http://dlleak.360safe.com/leak/ty/hcphotf
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dlleak6.360safe.com/leak/winxp/123456.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/gamebox/android/360gamebox.apkDlg.ConnectPopuphttp://stat.apc.360safe.com/ms
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://down.360safe.com/safesetup_2000.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeIsBetaVersion360ver.dll
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009647000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2490747591.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeIsBetaVersion360ver.dllPath
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000954C000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2490485754.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeIsBetaVersion360ver.dllPathopen
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeIsBetaVersion360ver.dllSOFTWARE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000968D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000096F8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2492077094.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeIsBetaVersion360ver.dllopen
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeSOFTWARE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exeentry
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097C5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2047064905.000000000377D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000968D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2047343657.0000000003DE8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2456398831.0000000003DAC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000083EE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007132000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503231467.0000000003571000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009647000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2490747591.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exe8
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeH
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000096F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000954C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040411849.0000000000777000.00000008.00000001.01000000.00000003.sdmp, GBInst.exe, 0000000D.00000003.2490485754.0000000003571000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2492077094.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeN
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeP
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000071FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exehttp://down.360safe.com/setup.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/zhuomian/downchrome.inichromeconfigurl
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/zhuomian/downchrome.inichromeconfigurl360webapp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/zhuomian/mini_installer.exedownloadpdown://h3=60
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://down.360safe.com/zhuomian/setup.exeUpdateApplicationsAppDownloadCloseUpdateNewUpdateApplicati
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://errsug.se.360.cn/ch.html?m=%s&v=%s&qt=%s&qid=%s&n=%s&mn=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fastmm.sourceforge.net).
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gamebox.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503231467.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gamebox.360.cn360yxhezi13a22fc0a
Source: flashApp.exe	String found in binary or memory: http://graph.renren.com/oauth/token
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://graph.renren.com/oauth/tokenhttps://graph.renren.com/oauth/tokenrenren
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://graph.renren.com/renren_api/session_key?oauth_token=%sU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hd.360.cn/angrybirds/http://static.apc.360.cn/cms/olympics/game_winner.html/page=%d
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hd.360.cn/baobei&ids
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007211000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.360.cn/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503231467.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://https://DecodePNGimg_reader.dll%s.uiz~mytmpimage_file_%srb
Source: flashApp.exe	String found in binary or memory: http://i.360.cn/findpwd/?src=%s&mid=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://i.360.cn/profile/index2927http://i.360.cn/profile/chusername
Source: flashApp.exe	String found in binary or memory: http://i.360.cn/reg?src=%s&mid=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://i.360.cn/reg?src=%s&mid=%shttp://i.360.cn/findpwd/?src=%s&mid=%sEDITLISTBOXD
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://i3.feixin.10086.cn/%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/appmenugouwu.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menubagua.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menulicai.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menushenghuo.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.00000000071F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000002.2550425586.0000000002721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menushipin.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menutupian.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menuxitong.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.00000000071F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000002.2550425586.0000000002721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menuyinyue.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.00000000071F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000002.2550425586.0000000002721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menuyo
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menuyouxi.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.00000000071F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000002.2550425586.0000000002721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.360.cn/images/webapp/logo1223/menuyuedu.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/05/shame_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/0c/sw_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/0c/ws_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/13/sweat.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/17/ldln_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/19/hate.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/1b/gz_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/1b/m_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/29/bz_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/33/camera_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/40/come_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/40/cool_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/41/zz2_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/46/zxc_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/48/sx_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/4b/paoxiao_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/4d/crazy.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/57/angry.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/58/mb_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/58/pig.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/5c/yw_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/60/horse2_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/64/cafe_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/64/hs_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6a/cake.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6a/laugh.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6d/heart.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6d/zhh_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6e/panda_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/70/vw_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/71/bs2_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/73/wq_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/7d/sleep_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/7e/hei_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/7e/love.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/81/rabbit_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/88/zgl_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/89/nm_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/8b/sleepy.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/8f/qq_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/90/money_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/91/d_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/98/yhh_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/9c/tz_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/9e/t_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/a4/dizzy.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/a6/x_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/af/cry.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/af/kl_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/b6/kbs_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/b6/sb_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/b8/cz_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/b8/green_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/b9/moon.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/bc/fuyun_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/bc/otm_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/bd/cheer.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/c2/tooth.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/c7/no_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/c9/geili_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/ca/chunnuanhuakai_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d0/z2_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d3/clock_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d6/ok_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d8/good_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d8/sad.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d8/sad_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d9/ye_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/e5/sun.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/e9/sk_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/ea/unheart.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/eb/smile.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/f2/wg_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/f3/k_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/f4/cj_thumb.gif
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://intf.soft.360.cn/index.php?c=Search&a=getSoftList&cver=v1&kw=%S&soft_ids=%s&%s%d-baoku%d-%sCS
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://intf.zsall.mobilem.360.cn/intf/checkMobile?para=%s%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://intf.zsall.mobilem.360.cn/zsintf/getDownloadUrl?soft_ids=%s&market_id=&appver=%s&uid=%s&pid=%
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jquery.com/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jquery.org/license
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/cgi/pin.php?r=%d&p=%sSV
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/member/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/member/getpwd/getpwd0.php?entry=ssoS
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/sso/getalt.php?entry=weibo360plugin&service=weibo360plugin&tgt=%sU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/sso/login.php?entry=weibo360plugin&alt=%s&url=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://login.sina.com.cn/sso/prelogin.php?entry=weibo360plugin
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://m.openapi.360.cn/msg/check?session=%s&msgid=%s3A6539ADE038ACD6DBFA8A4D130E34A5
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://m.openapi.360.cn/usr/login
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://m.openapi.360.cn/usr/loginnickname:cookie:??unp=%s&un=%s&unp=%s&un=%shttp://profile.openapi.3
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://m.soft.360.cn/index.php?controller=Intf&action=get.Down.Url&soft_id=%d&no_view=1&ofmt=xml&%sh
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007A7B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mail.163.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mail.S
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://monitoring.openapi.360.cn/desktop/nopen/id/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://my.360.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://news.baike.360.cn/fw/zt1/heixiazi.htmlhttp://bbs.360safe.com/forum-162-1.html
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2596015892.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2596015892.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000014.00000002.2596015892.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.geotrust.com0K
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489590698.00000000005EB000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2526016726.00000000037C6000.00000004.00001000.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://open.app.360.cn/?from=360desktop_tray%stype=open&action=appcenter&from=youxiajiaotray&TrayMen
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://open.app.360.cn/?from=360desktop_trayhttp://bbs.360.cn/5473920.htmlTaskbarCreatedhW
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p1.qhimg.com/t01300a29501effb80d.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p17.qhimg.com/t01786e375a7830d753.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p17.qhimg.com/t01f55a00a83c723f3d.png)
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p19.qhimg.com/t01008d7e105188efac.png)
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p2.qhimg.com/t016ca463057d8d4362.png)
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p2s.f.360.cn/urlquery
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p5.qhimg.com/t019530ea43ea4d8d90.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p7.qhimg.com/t0187051ceab8c8d55c.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p8.qhimg.com/t011dbc6e088968ddd8.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p9.qhimg.com/t013736ff668d0555d4.png)
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pdown.stat.360safe.com/dimana.htm&usetime=%d&downrate=%d&downlen=%I64u=&?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pinst.360.cn/360haohua/safe_chaoqiang.cab
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pinst.360.cn/gamebox/GBUpdateConfig_Manual.ini?tick=%lu..
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pinst.360.cn/zhuomian/DtUpdateConfig_Manual.ini?tick=%dUpdateContentAttributeDownloadMainVers
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pinst.360.cn/zhuomian/DtUpdateConfig_Manual.ini?tick=%dhttp://pinst.360.cn/zhuomian/DtUpdateC
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://pinst.360.cn/zhuomian/reinst_beta.cab/URL:http://pinst.360.cn/zhuomian/reinst_final.cabmodule
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://player.56.com/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://player.ku6.com/refer/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://player.pptv.com/v/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://player.youku.com/player.php/sid/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://profile.openapi.360.cn/degree.html#tab=2#uhp=%s#un=%shttp://profile.openapi.360.cn/user/info.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://profile.openapi.360.cn/degree.html#uhp=%s#un=%shttp://profile.openapi.360.cn/msg/info.html?ve
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://profile.openapi.360.cn/user/info.html?un=dockbar
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://profile.openapi.360.cn/user/popup.htmlGS
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://profile.se.360.cn/proxyerr.php
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pstat.p.360.cn/uplog.php0cpsign1md5b3deb21a3401d8e933ddcb45a6c07222
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pstat.p.360.cn/uplog.phpinfo0cpsign1md5b3deb21a3401d8e933ddcb45a6c07222
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://q.soft.360.cn/get_download_url.php?type=download_url&soft_ids=%s&%sOptions
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://q.soft.360.cn/get_polls.php?mid=%Shttp://q.soft.360.cn/get_polls.php?ofmt=json&mid=%Shttp://q
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://q.soft.360.cn/get_update_info.php?type=update_info&soft_ids=%s&lrtime=0&%snameubrief2vdisppti
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://q.soft.360.cn/get_update_info.php?type=update_info&soft_ids=%s&lrtime=0&%subrief2vdispptimesu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.163.com/getpasswd/RetakePassword.jsp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.163.com/reg/reg.jsp
Source: 360TopbarASS.exe	String found in binary or memory: http://relate.apc.360.cn/index.php?c=Relate&a=getRelateCate&mid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, 360TopbarASS.exe, 00000007.00000000.2447871998.0000000000B08000.00000002.00000001.01000000.0000000A.sdmp, 360TopbarASS.exe, 00000007.00000002.2455079953.0000000000B08000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://relate.apc.360.cn/index.php?c=Relate&a=getRelateCate&mid=&count=16&show=1&version=catecidrela
Source: 360TopbarASS.exe, 00000007.00000002.2455270046.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, 360TopbarASS.exe, 00000007.00000002.2455270046.0000000000F2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://relate.apc.360.cn/index.php?c=Relate&a=getRelateCate&mid=59cd53708ed730f0ef42bb01f668d936&cou
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://res.qhupdate.com/wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini%d.%dB:A:downloadpat
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://rm.api.weibo.com/statuses/unread.xml
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhibox&from=2
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhiexit&from=4startfrom=4http://s.360.cn/bizhi/s.html?action=b
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhirightlist&from=0&fangshi=2http://s.360.cn/bizhi/s.html?acti
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhirightlist&from=0http://static.apc.360.cn/cms/guajian.htmlHi
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhirightlist&from=7http://s.360.cn/bizhi/s.html?action=bizhiri
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhirightlist&from=8
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhirightlist&from=9dataimg_%d_%dtotal0errnogoodwallpaper.jsonh
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhiset&from=0&appver=2.1.0.1026&pid=zhuomian&m=
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=bizhiset&from=1&appver=2.1.0.1026&pid=zhuomian&m=
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=wpinst&from=1&appver=2.1.0.1026&pid=zhuomian&m=
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?%sfun=lifecycle&act=updatedownload&res=app
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?%sfun=lifecycle&act=updateopen&res=app
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?%sfun=link&act=%s&res=%s&r1=%s&r2=%s&r3=%s&wjj
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=%s&fun=%s&act=%d&res=%d&mid=%s&ver=%s&r1=%d&r2=%d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2406322166.0000000000A9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=1&mid=59cd53708ed730f0ef42bb01f668d936&ver
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2610717046.00000000035B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ve
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2459215204.000000000359F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2129177521.0000000003582000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/s.htm?pidu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000092D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/tray.htm?m=%s&uid=%s&pid=%s&appver=%s&modulever=%s%u.%u.%u.%uName
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/dt/tray.htm?m=%s&uid=%s&pid=%s&appver=%s&modulever=%shttp://m.openapi.360.cn/status.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000968D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.360.cn/xiaoguanjia/xgj.html%s?action=shutdown&from=%d&appver=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s0.qhimg.com/lib/jquery/171.js
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s0.qhimg.com/st.360.cn/;bk_up;style/7e995a0e.css
Source: explorer.exe, 00000014.00000000.2510896073.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.2512903417.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000002.2593631457.0000000008890000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sd.p.360.cn/%s.trt
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sd.p.360.cn/BB53D19C9D32290AC8A94E902D7CB0C86A7E01E1.trt
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://se.360.cnU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://seapp.stat.360safe.com/q.html?name=%s&appver=%s&mid=%s&c=%sU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://seapp.stat.360safe.com/ver.html?name=%s&p=%s&mid=%s&fa=%s&fb=%s&fc=%sU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://setpass.app.se.360.cn/forget?type=mail
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009647000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2507348840.0000000003571000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://seupdate.360safe.com/360webmail_ver2.ini%s%d.zip
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://seupdate.360safe.com/360webmail_ver2.ini?%d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://seupdate.360safe.com/360webmail_ver2.ini?%dSV
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sizzlejs.com/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soft.360.cn/static/ess/class_lenovo.xml?t=%d&%shttp://soft.360.cn/static/ess/class_6_0.xml?t=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?type=onekeyinstall&softid=%u&succ=%d&update=%d&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?type=onekeyinstall&softid=%u&succ=%d&update=%d&0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?type=open&action=%s&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?type=web&action=time&htime=%d&etime=%d&u=%s&ie=%s&bug=%lu&%%%about:bl
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000832C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?type=web&action=time&htime=%d&etime=%d&u=%s&ie=%s&bug=%lu&%%%mshtml.d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?xml=err&m=~DF
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.360safe.com/stat/?xml=err&m=~DFP.ScriptTypeScript..
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.update.360safe.com/360deskup2m.cab10222201102021020621221110210213208218206204209203205
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.update.360safe.com/360deskup2m.cab360AppCore%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.update.360safe.com/360gamebox/v3update.cab?src=%S&t=%d&%Supdate.ini360safe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://softm.update.360safe.com/360gamebox/v3update.cab?src=360DtMgr&t=%d&%shttp://softm.update.360s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.360safe.com/360/?stype=changeskin&ver=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009BA1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429415030.0000000003FE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stat.360safe.com/360safeurl/?type=upnet&mid=%sFloating
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://stat.360safe.com/login.html?type=login&from=%s&action=%s&style=%s&uid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://stat.360safe.com/login.html?type=login_checksumfail&q_send=%s&vt_send=%d&q_recv=%s&vt_recv=%d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/ad.html?action=slidetimeout&appid=%lu&%stype=new&action=webapp-cpu&from=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/ad.html?action=slidetimeout&appid=%lu&UiFeature360CtrlAnimationBalloonWndClsA
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=dakaizhuce&%stype=new&action=zhuce&from=%s&r1=%s&ap
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=msgbox&from=%d&detail=%d&m=%s&modulever=%s&appver=%
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=msgboxweibo&from=%s&detail=%s&uid=%s&pid=%s&m=%s&mo
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=runmsg&from=full&detail=run&m=%s&modulever=%s&appve
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=runmsg&from=full&detail=run&open_msgbox360ID
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/msg.html?type=open&action=zhucechenggong&360DesktopRegisterVerifyCodeDlg
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html%s?type=open&action=%s&mod=%d&appid=%lu&fenleiid=%d&from=%d&style=fu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%dx%d%stype=new&action=newdtmusic&from=%d&appid=&0http://stat.apc.3
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=new&action=moviefunction&from=%d&fangshi=&sort=&r1=&%stype=n
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=new&action=newdtmusic&from=%d&appid=&bad
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=new&action=openfiles&from=%d&r1=fences&r2=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=new&action=performanceindex_button&from=%u&fangshi=%u&safeve
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=new&action=tipsclick&from=%d&fangshi=%d&sort=&r1=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006BF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=open&action=appcenter&style=fullscreen&from=%d&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000832C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?%stype=open&action=yingyongdianji&mod=1&fangshi=%d&appid=%d&fenleii
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=SetAppwallpaper&from=1&fangshi=&appid=&r1=&r2=&r3=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=SetSyswallpaper&from=0&fangshi=&appid=&r1=&r2=&r3=&
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=bizhibubble&from=1LastCloudIdSoftware
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=bizhibubble&from=4http://stat.apc.360.cn/stat.html?
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=bizhilunbo&from=%d&fangshi=%d&appid=%s&r1=&r2=&r3=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007211000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=feedback&from=%d&fangshi=%d&uid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=fencecalendar&from=1&fangshi=1&r1=fences&r2=particu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=fencecalendar&from=1&fangshi=2&r1=fences&r2=particu
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=fencecalendar&from=6&r1=fences&r2=particular&http:/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=fencecalendarstate&from=2&fangshi=1
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=fencecalendarstate&from=2&fangshi=2
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=genghuanbizhishezhi&from=1&fangshi=&http://stat.apc
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=genghuanbizhishezhi&from=2&fangshi=&CCapDeviceChang
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=gerenzhongxin&from=%d&mid=%s&uid=%sA3B6B07CF749024E
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=guanbiruanjian&from=&fangshi=&sort=&r1=&
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=msgremind&from=%d&appid=%s&http://stat.apc.360.cn/s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newbuttonclick&from=1&uid=1&pid=h_home&m=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newbuttonclick&from=3&uid=1&pid=h_home&m=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=1&uid=1&pid=h_home&m=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=startinstall&appver=%s&r1=%s&uid=1&pid=%s&m=%shttp:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2459215204.000000000359F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=startinstall&appver=2.6.0.1110&r1=2.6.0.1110&uid=1&
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=wpcommon&from=00
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000083EE000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000000.2482543383.00000000001F4000.00000002.00000001.01000000.00000010.sdmp, flashApp.exe, 00000010.00000002.2486101694.00000000001F4000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=zidaiyingyong&from=7&fangshi=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newbuttonclick&from=2&uid=1&pid=h_h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newbuttonclick&from=4&uid=1&pid=h_h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=1000&uid=1&pid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=2&uid=1&pid=h_h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=3&uid=1&pid=h_h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=4&uid=1&pid=h_h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=anzhuanganquanzhuomian&from=3&mod=%d&appver=%s&pac
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2459215204.000000000359F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=anzhuanganquanzhuomian&from=3&mod=1&appver=2.6.0.1
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=anzhuangyunxing&from=%d&appver=%s&packagever=%s&ui
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=bengkuilesorry&deskbanben=%s&deakbanhao=%s&t=%dMoz
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2499422068.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=bengkuilesorry&deskbanben=%s&deakbanhao=%s&t=%dfee
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=guanbicomputer&-reboothttp://stat.apc.360.cn/stat.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=guanbisuoyouruanjian&%shttp://stat.apc.360.cn/stat
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=qieping&from=1&style=%d&PageMyAppFS.xml%windir%
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=sequence&from=%d&r1=fences&%stype=new&action=xinji
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=shengjichengxu&from=1&http://stat.apc.360.cn/stat.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2610717046.00000000035B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=tiyanjihua&from=1&appver=2.6.0.1110&packagever=2.6
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=update&360DTNotifyF3C85C74-71B1-4ac8-9C89-B9BE4DC4
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/stat.html?type=open&action=detailclick&from=1&uid=1&pid=h_hom
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000016.00000003.2610280460.00000000030E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/tmp.html%s?action=gj_appcore&from=1%s?action=gj_appcore&from=2&fangshi=%u&sor
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360.cn/webapp.html?%stype=webapp&action=error&appID=%d&host=%s&errorcode=%d&errortyp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html%s?action=%s&sid=%u&moduledownokmoduleinstallokmodulenoninstallT
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html%s?action=%s&sid=%u&moduledownokmoduleinstallokmodulenoninstalld
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2501426282.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html%s?action=mgpopup&from=4&detail=1003&state=1&x
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html?360Gbapp..
Source: GBInst.exe, 0000000D.00000002.2548302754.000000000056B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html?action=mginst&state=
Source: GBInst.exe, 0000000D.00000002.2548302754.00000000005D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html?action=mginst&state=1&pid=ZMSilent&m=59cd53708ed730f0ef42bb01f6
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html?action=mgpopup&from=4&detail=2001&state=%d&x
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.apc.360safe.com/msg.html?http://stat.apc.360.cn/stat.html?%stype=open&action=somxmlLoadR
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stat.ioage.com/web/theworld2up.ini?2.4.1.9needfileSUBVER_%slanguages
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006BF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/apphotweb.htmlsysMaxtooltips_class32dcGP
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/ertong/ertongleyuan.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/ertong/ertongleyuan.htmlhttp://static.apc.360.cn/cms/music/tingyinyue.h
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/gamecomment.html?appid=%d&from=%dwebapp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/education.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/fashion.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/female.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/game.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/investment.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/life.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/magzine.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/music.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/news.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/novel.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/picture.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/shopping.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/social.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/tools.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/mini/video.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/minivideo/index.htmlAnimImage
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/minivideo/noplayer.html360Desktop
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/minivideo/player.html?playUrl=%sspliter1spliter2
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/music/tingyinyue.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B050000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2509212496.000000000357C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/novels/gcy.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B050000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2509212496.000000000357C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/novels/gcy.htmliBookMenu.Yahei.NormaliBookMenu.Yahei.Hover
Source: GBInst.exe, 0000000D.00000002.2550425586.0000000002721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/recommend_game_new.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/selected.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/selected.htmlhttp://client.apc.360.cn/cms/360dtconf.ini7
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/skin_uploadwebapp.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/theme/index.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/theme/index.htmlMusicIEFrame7
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/video/shipinhezi1.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/video/shipinhezi1.html%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/video/videoNew.html?context=%s&num=%s&count=%d
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper/bztuijian.htmlhttp://s.360.cn/bizhi/s.html?action=bizhirightl
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper/show.php
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper/show.phpTextSinaWeibo_CJPicLD_BeginTimeLD_EndTimebutton
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper/weibo-share.html
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper/weiboshare.html#
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/wallpaper_feedback.htmlloopwallpaper.xml&r1=1&action=bizhiEntrance&from
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/cms/xiaoxihezi/tankuang.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/feedback/index.html?appid=%d&name=%s360WebappLead2ArenaTipsClass360WebappGa
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/feedback/index.html?appid=%d&name=%swebgamecontrolpanel.xml360Desktop
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://static.apc.360.cn/other/app_center/app_poll_1_0.htmlSoftMgr_Notify
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/360GameBoxConf.xmlGameBox_ConnectingMobilePopup
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/popup/pop_bg.pngmap/set
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/rules.htmhttp://swf.baoku.360.cn/gamebox/exaward.htmhttp://swf.baoku
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/sorryjump.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/sorryjump.htmI360AppCenterDataClientTypeTabVisible
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/sorryjump.htmSettingCenter
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/gamebox/sorryjump.htmpdown://h3=30
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/hzx/Sound.zipStartDownload()
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/hzx/flashActiveX.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/hzx/flashActiveX.exe&..
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/hzx/flashActiveX.exehttp://swf.baoku.360.cn/hzx/Flash32_11_3_win8_360.ocx..
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/zhuomian/player/v2/douban.zip
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/zhuomian/player/v2/jingfm.zip
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/zhuomian/player/v2/kugou0329.zip
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://swf.baoku.360.cn/zhuomian/player/v2/kuwoo.zip
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t.163.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t.cn/Swi4kM
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t.cn/htzkKX
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://theworld.cn/http://ioage.com/http://www.ioage.com/Update
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tp3.sinaimg.cn/1751401422/50/5611920854/1
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tuan.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tuan.360.cn/api/se2.php?rc=%d&fromid=%d
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://uninstall.feedback.360.cn/360desktopuninstall.html?ver=%s&mid=%s&safever=%s&sysver=%s&is64=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://up.soft.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://up.soft.360.cnQuickInstLog0.0.0.0/index.php?c=Upload&a=upload&pjt=quickinst&ver=%s&mid=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/instcomp.htm?soft=1101&status=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/instcomp.htm?soft=1101&status=25&change=local&mid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/instcomp.htm?soft=1101&status=25&change=self&mid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000071FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/instcomp.htm?soft=2300&status=%d%02xshell32.dllPrivateExtractIconsWuser32.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000954C000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2490485754.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/v3/safeup_lib64.cabhttp://update.360safe.com/v3/safeup_lib.cab360trayHandl
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.360safe.com/zhuomian/music/SelectMusicConfig.xml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v.ifeng.com/include/exterior.swf?guid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.cnzz.com/c.php?id=30000496
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/Shopping.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/bagua.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/licai.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/shenghuo3.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.00000000071F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000002.2550425586.0000000002721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/shipin.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/tupian.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/xitonggongju.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.00000000071F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000002.2550425586.0000000002721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/yinyue.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.00000000071F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000002.2550425586.0000000002721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/youxi3.png
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.00000000071F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000002.2550425586.0000000002721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://w.qhimg.com/images/v2/webapp/class/20110519/yuedu.png
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAllCategoriesV2http://cdn.apc.360.cn/index.ph
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsByCategory&cid=%s&start=%d&count=%dhttp:/
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsByTagsFromCategory&cids=%s&start=%d&count
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsInfoByIds&ids=%s-995OpenSettingCenterDoOp
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsV3&cids=%s&start=%d&count=%dhttp://wallpa
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaperAloneRelease&a=qrcodeshow&url=%shttp://wallpaper.ap
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cn/index.php?c=WallPaperAloneRelease&a=srvhoverUpdateFinish
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wallpaper.apc.360.cnjson_err/index.php?c=WallPaper&a=apiCrashReportbizhi.dump.360.cndump/uplo
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wan.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wan.360.cn/bbs.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wan.360.cn/bbs.htmlgame.360.cn&name=http://wan.360.cn/bbs/second.html?g=%shttp://wan.360.cnn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wan.360.cn/cs
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wan.360.cn/csgame.360.cn&name=http://wan.360.cn/bbs/second.html?g=%shttps://KeFuhttp://wan.36
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/fans
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/profile
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/profileS
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/profileSVW
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/profileSf
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/%d/profileU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/atme
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/comments
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/messages?source=toptray
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/signup/signup.php?entry=360se
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/signup/signup.php?ps=u3&lang=zh
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/signup/signup.php?ps=u3&lang=zhU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://weibo.com/zt/s?k=
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://whttp://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsInfoByIds
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wpad.%s/wpad.dathttp://%s/wpad.datwpad
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2043012277.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097C5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2047217526.000000000320E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2608003325.0000000003C54000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000095D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008E93000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009B29000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009348000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000968D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008D81000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.000000000359F000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2495238781.000000000357E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2490485754.0000000003571000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2497316206.0000000003586000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2497052860.0000000003580000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2490747591.0000000003571000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002BDE000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487364268.0000000002CC0000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2484431607.0000000002CB3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn//index.html127.0.0.1--
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/ConnectedState:%dCreateFile
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/custom/xukexieyi.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/privacy/index.htmlJoinExperiencePlan%stype=setting&action=tiyanshezhi&shezhi=%d&SO
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/shoujizhushou/index.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/sinaweibo.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/ucenter/faq.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/userexperienceimprovement.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/weishi/index.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/weishi/index.htmlres://%d/%s/%dDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayT
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/xukexieyi.html#zhuomianJ
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000083EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn/yinsichengnuo.html#xiangqing23
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn4
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cn;color=rgb(60
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cnMAINFRAME
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2508252090.000000000054E000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360.cnPublisher360
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.360safe.com360o
Source: explorer.exe, 00000014.00000000.2522719212.000000000C860000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2607456987.000000000C860000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/baidu?word=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/baidu?word=%us&tn=ichuner_4_pg&ie=utf-8:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/index.php?tn=ichuner_2_pg
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/s?tn=ichuner_4_pg
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/s?wd=%shttp://www.google.com.hk/search?q=%s&client=aff-os-prius&hl=zh-CN&ie=gb2
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007132000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.geotrust.com/resources/cps0(
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.go108.com.cn/openapp/360app/astrofate/result.php?iAstro=%dA3B6B07CF749024E2DB5A6DF0DF37D1
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.cn/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=javascri
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.cn/search?client=aff-worldbrowser&channel=errorpage&forid=1&ie=utf-8&oe=UTF-8&hl=z
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%s&i
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%us:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.hk/search?q=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.hk/webhp?client=aff-worldbrowser&ie=utf-8&oe=UTF-8&hl=zh-CN
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ifeng.com&fromweb=other&AutoPlay=false
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.indyproject.org/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/help-appendix-04.htmhttp://www.theworld.cn/http://www.ioage.com/cn/help.htmT
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/help-shortcut.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/help.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/index.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/plugins.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/skin.htmPA
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/cn/thanks.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/hl/cn/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/hl/cn/browsemode.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/hl/cn/dailytips.ini$http://www.ioage.com/web/navierr.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/hl/cn/rendermode.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/frame_naverror.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/inst.htmhttp://www.ioage.com/web/uninst.htmUpgrade
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/navierrres:about:blank%s/Software
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/web_search_cn.htm
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ioage.com/web/welcome_cn.htm?ver=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.macromedia.com/go/getflashplayer
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.meilishuo.com/users/register
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mogujie.com/register
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.planeart.cn/?p=1121
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.renren.com/md5LoginU
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sogou.com/sogou?query=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.theworld.cn/client/downhttp://www.theworld.cn/client/up
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.theworld.cn/client/syncfavsorder.db%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tudou.com/v/
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll-1.2.3rbr
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllP
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000954C000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503231467.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllincompatible
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000095D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllrbr
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.yinyuetai.com/video/player/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://you.video.sina.com.cn/api/sinawebApi/outplayrefer.php/vid=
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhifu.openapi.360.cnMode
Source: explorer.exe, 00000014.00000002.2609003981.000000000CA11000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/00C91DA8863D472fB1873585577810F1
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/360chromeinstalltips.html
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/360chromeinstalltips.html$
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ShowAppPermitDlg
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/f&TCopyright
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000832C000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe	String found in binary or memory: http://zhuomian.360.cn/ver2.0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000016.00000003.2610280460.00000000030E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0/
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000016.00000002.2612965104.0000000000219000.00000002.00000001.01000000.0000001D.sdmp, 360TopBar.exe, 00000016.00000000.2548217131.0000000000219000.00000002.00000001.01000000.0000001D.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0/reboot360DTSwitchBar.dllRunDLL
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0C:
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0L
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0SetUnhandledExceptionFilterkernel32.dllGIF89a
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009B29000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B087000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0Shell_TrayWnd
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0kernel32.dll360BoxCtrlCScrollMutliAppbox360DockBarCtrl360Desktop_CNBSug
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0kernel32.dllSetUnhandledExceptionFilteropenDTCrashReport.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0processinfo.dat
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006BF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0somkernldt.dll..
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cn/ver2.0widthheightcallbackoncloseHWND=%lu;content=%sHWND=;content=T
Source: explorer.exe, 00000014.00000002.2596015892.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cnLocalSt
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: http://zhuomian.360.cnReferertokenautologinerrno=vector
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://zhuomian.360.cnSwitchBar.xmlupdatecfg.inimodules
Source: explorer.exe, 00000014.00000002.2596015892.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cnap
Source: explorer.exe, 00000014.00000002.2596015892.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cne
Source: explorer.exe, 00000014.00000000.2503114639.0000000003040000.00000002.00000001.00040000.00000017.sdmp	String found in binary or memory: http://zhuomian.360.cnhttp://zhuomian.360.cnhttp://zhuomian.360.cn360
Source: explorer.exe, 00000014.00000002.2596015892.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cnobat
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zhuomian.360.cnsomkernldt.dll..
Source: flashApp.exe	String found in binary or memory: https://%s/intf.php?
Source: explorer.exe, 00000014.00000000.2521483480.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2605360530.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000014.00000000.2507675469.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2590375486.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000014.00000000.2515605568.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2596015892.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000014.00000000.2507675469.0000000007637000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2590375486.0000000007637000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://api.weibo.com/2/friendships/create.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/friendships/followers.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/friendships/show.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/statuses/friends_timeline.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/statuses/update.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/statuses/upload.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/statuses/upload.jsonaccess_token1.jpgpic
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/2/users/show.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://api.weibo.com/2/users/show.json?access_token=%s&uid=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/oauth2/U
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2497052860.0000000003580000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.weibo.com/oauth2/authorize?client_id=3977697501&redirect_uri=https%3A%2F%2Fconnect.360.c
Source: explorer.exe, 00000014.00000000.2504115554.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2588015796.00000000035FA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.coml
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdata.browser.360.cn/api.php?https://cdata.browser.360.cn/api.phpvtversiontype
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://connect.360.cn/index.php?U
Source: explorer.exe, 00000014.00000002.2596015892.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://feixin.10086.cn/account/register/CC_DelAccountResult
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe	String found in binary or memory: https://graph.renren.com/oauth/token
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://graph.renren.com/transfer?%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://graph.renren.com/transfer?%slogout
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2497052860.0000000003580000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i.feixin.10086.cn/https://i2.feixin.10086.cn/https://i3.feixin.10086.cn/https://i5.feixin.10
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://i2.feixin.10086.cn/api/user.json?access_token=%s
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://i2.feixin.10086.cn/api/user.json?access_token=%shttp://api.qcloud.360.cn/intf.phperror_descr
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2129191265.0000000003562000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2166209779.0000000003562000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.sina.com.cn/sso/login.php
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openapi.360.cn/internal/get_is_user_paid.json?q=%s&t=%spaynotify.xmlpaynotify_del.xmlheadima
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openapi.360.cn/internal/get_user_by_q_t.json?%sapp_key=%s&q=%s&t=%s&type=%d&name=%sD
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openapi.360.cn/internal/get_user_by_q_t.json?%sapp_key=%s&q=%s&t=%s&type=%d&name=%shttp://cd
Source: explorer.exe, 00000014.00000002.2596015892.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passport.360.cn/api.php?parad=http://passport.360.cn/api.php?parad=&from=360deskmethod=UserI
Source: explorer.exe, 00000014.00000002.2605360530.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2521483480.000000000C460000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rm.api.weibo.com/2/remind/unread_count.json
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spreadsheets.google.com/http://spreadsheets.google.com/https://docs.google.com/http://docs.g
Source: explorer.exe, 00000014.00000002.2596015892.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/)s
Source: explorer.exe, 00000014.00000002.2596015892.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.comon
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwhttp://wwwTW.2.10%d:

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe

Code function: 13_2_00404F1F GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

13_2_00404F1F

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Code function: 16_2_6C37A120 CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,_memset,lstrcpynA,CryptImportKey,CryptCreateHash,CryptSetHashParam,CryptHashData,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,

16_2_6C37A120

System Summary

Contains functionality to communicate with device drivers

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 7_2_00AEF080: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle,

7_2_00AEF080

Contains functionality to shutdown / reboot the system

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,		13_2_00403225
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,		15_2_00403225

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0341A669	0_3_0341A669
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0341A669	0_3_0341A669
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0341A938	0_3_0341A938
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0341A938	0_3_0341A938
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0341A669	0_3_0341A669
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0341A669	0_3_0341A669
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0341A938	0_3_0341A938
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0341A938	0_3_0341A938
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034BA94E	0_3_034BA94E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034BA94E	0_3_034BA94E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347CBCA	0_3_0347CBCA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034863D8	0_3_034863D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034863D8	0_3_034863D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347FFE9	0_3_0347FFE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0348260F	0_3_0348260F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347BE96	0_3_0347BE96
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347BC12	0_3_0347BC12
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347D99D	0_3_0347D99D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347D7A7	0_3_0347D7A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034849A0	0_3_034849A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034849A0	0_3_034849A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034BA94E	0_3_034BA94E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034BA94E	0_3_034BA94E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347CBCA	0_3_0347CBCA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034863D8	0_3_034863D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034863D8	0_3_034863D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347FFE9	0_3_0347FFE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0348260F	0_3_0348260F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347BE96	0_3_0347BE96
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347BC12	0_3_0347BC12
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347D99D	0_3_0347D99D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347D7A7	0_3_0347D7A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034849A0	0_3_034849A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034849A0	0_3_034849A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0348D88F	0_3_0348D88F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0348D518	0_3_0348D518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0348D88F	0_3_0348D88F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0348D518	0_3_0348D518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0348D88F	0_3_0348D88F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0348D518	0_3_0348D518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034923F9	0_3_034923F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489E88	0_3_03489E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489709	0_3_03489709
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0348D88F	0_3_0348D88F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18	0_3_03488A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0348D518	0_3_0348D518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03491639	0_3_03491639
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03489A31	0_3_03489A31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034897B1	0_3_034897B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147	0_3_034AA147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A9F01	0_3_034A9F01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C	0_3_034A6A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A61AE	0_3_034A61AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA422	0_3_034AA422
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03492410	0_3_03492410
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03492410	0_3_03492410
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03492410	0_3_03492410
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00B04083	7_2_00B04083
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AE3070	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AF0190	7_2_00AF0190
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00B02A8E	7_2_00B02A8E
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AF6A32	7_2_00AF6A32
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AFEB27	7_2_00AFEB27
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AFE347	7_2_00AFE347
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00B056E8	7_2_00B056E8
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AFDE72	7_2_00AFDE72
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AFB7AE	7_2_00AFB7AE
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AF0FE0	7_2_00AF0FE0
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00B02FD2	7_2_00B02FD2
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AFE71B	7_2_00AFE71B
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AFEF47	7_2_00AFEF47
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_3_037B6B48	13_3_037B6B48
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_3_037B14F0	13_3_037B14F0
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_3_037BB0B0	13_3_037BB0B0
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_0040600A	13_2_0040600A
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_00404730	13_2_00404730
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_0378FF5F	13_2_0378FF5F
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_03790B9B	13_2_03790B9B
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_0378FA1B	13_2_0378FA1B
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_03781680	13_2_03781680
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_0378A845	13_2_0378A845
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_037918FC	13_2_037918FC
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_037904A3	13_2_037904A3
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_0040600A	15_2_0040600A
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_00404730	15_2_00404730
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_021CB0B0	15_2_021CB0B0
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_021C14F0	15_2_021C14F0
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_021C6B48	15_2_021C6B48
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001DE6D0	16_2_001DE6D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001DE150	16_2_001DE150
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001F1992	16_2_001F1992
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001E1190	16_2_001E1190
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001F1389	16_2_001F1389
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001F1CB0	16_2_001F1CB0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001F0E45	16_2_001F0E45
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001D8E70	16_2_001D8E70
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001D16A0	16_2_001D16A0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001ED738	16_2_001ED738
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001E6741	16_2_001E6741
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C371480	16_2_6C371480
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3E4C18	16_2_6C3E4C18
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3AEDF0	16_2_6C3AEDF0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3DEDD9	16_2_6C3DEDD9
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3DEDC0	16_2_6C3DEDC0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3B2EF0	16_2_6C3B2EF0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3B8F30	16_2_6C3B8F30
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3B6A80	16_2_6C3B6A80
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C380B80	16_2_6C380B80
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3E65B5	16_2_6C3E65B5
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3D0630	16_2_6C3D0630
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C358610	16_2_6C358610
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3E46D4	16_2_6C3E46D4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3CC714	16_2_6C3CC714
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3660D0	16_2_6C3660D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C354250	16_2_6C354250
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3CC2F4	16_2_6C3CC2F4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C382390	16_2_6C382390
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3663E0	16_2_6C3663E0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C373D80	16_2_6C373D80
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3CBEE8	16_2_6C3CBEE8
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3E1EC3	16_2_6C3E1EC3
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3E5854	16_2_6C3E5854
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3D9900	16_2_6C3D9900
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3C1A50	16_2_6C3C1A50
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3CBB14	16_2_6C3CBB14
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C363BD0	16_2_6C363BD0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C357BC0	16_2_6C357BC0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C383500	16_2_6C383500
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3CB63F	16_2_6C3CB63F
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3B7080	16_2_6C3B7080
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3E515C	16_2_6C3E515C
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3B7290	16_2_6C3B7290
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CE75BC	20_2_00007FF8B8CE75BC
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CD49F0	20_2_00007FF8B8CD49F0
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CE3E68	20_2_00007FF8B8CE3E68
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CDAFA0	20_2_00007FF8B8CDAFA0
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CDF360	20_2_00007FF8B8CDF360
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CE132C	20_2_00007FF8B8CE132C
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CDE72C	20_2_00007FF8B8CDE72C
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CD3890	20_2_00007FF8B8CD3890
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CE60B0	20_2_00007FF8B8CE60B0
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 22_2_00206AA0	22_2_00206AA0
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 22_2_00215BF5	22_2_00215BF5
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 22_2_0020F7FB	22_2_0020F7FB
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AE2400	26_2_00007FF680AE2400
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AF5DEC	26_2_00007FF680AF5DEC
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AE21A0	26_2_00007FF680AE21A0
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AE1990	26_2_00007FF680AE1990
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AE62D0	26_2_00007FF680AE62D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AEEB0C	26_2_00007FF680AEEB0C
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AF3B04	26_2_00007FF680AF3B04
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AE4EB0	26_2_00007FF680AE4EB0
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AE67E0	26_2_00007FF680AE67E0
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AED7F8	26_2_00007FF680AED7F8
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AEFF90	26_2_00007FF680AEFF90
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AF10B8	26_2_00007FF680AF10B8
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AF3D28	26_2_00007FF680AF3D28
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AEB44C	26_2_00007FF680AEB44C
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AE7C40	26_2_00007FF680AE7C40
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AF20B0	26_2_00007FF680AF20B0

Found potential string decryption / allocating functions

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: String function: 03789F4C appears 34 times
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: String function: 00AF6FF8 appears 42 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C354240 appears 124 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 001E4094 appears 48 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C3D1A70 appears 50 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C3D1B90 appears 39 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C3B8655 appears 36 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C349710 appears 31 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C347530 appears 37 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C3D1B50 appears 83 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C3BC28C appears 58 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: String function: 6C3B1210 appears 146 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: String function: 00007FF680AE79D0 appears 32 times
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: String function: 0020A0AC appears 37 times

One or more processes crash

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1028 -s 10624

PE file contains executable resources (Code or Archives)

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Resource name: DLL type: 7-zip archive data, version 0.4
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Resource name: DLL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 213427 bytes, 1 file, at 0x2c +A "7z.dll", number 1, 12 datablocks, 0x1 compression
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Resource name: OEMDATA type: 7-zip archive data, version 0.3
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Resource name: SETUPCONFIG type: 7-zip archive data, version 0.4
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Resource name: SKIN type: 7-zip archive data, version 0.4
Source: 360mwapp.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: COM executable for DOS
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 separate I&D executable not stripped
Source: 360weibo.exe.0.dr	Static PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: Uninstall.exe.0.dr	Static PE information: Resource name: OEMDATA type: 7-zip archive data, version 0.3
Source: Uninstall.exe.0.dr	Static PE information: Resource name: SKIN type: 7-zip archive data, version 0.4

PE file contains more sections than normal

Source: 360seNotify.exe.0.dr

Static PE information: Number of sections : 12 > 10

PE file contains strange resources

Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\017TCWeiBoEditForm\016CWeiBoEditForm\013BorderStyle\007\006bsNone\007Caption\022\005'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\030TCWeiboPuzzlePicEditForm\027CWeiboPuzzlePicEditForm\013BorderStyle\007\006bsNone\007Caption\006\027CWeiboPuzzlePicEditForm\014ClientHeight\003"\001\013ClientWi'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\030TCWeiboPuzzlePicItemForm\027CWeiboPuzzlePicItemForm\013BorderStyle\007\006bsNone\007Caption\006\027CWeiboPuzzlePicItemForm\014ClientHeight\003\014\001\013ClientWi'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\027TMsgBoxClientAnchorForm\026MsgBoxClientAnchorForm\013BorderStyle\007\006bsNone\007Caption\022'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\024TRemindItemBasicForm\023RemindItemBasicForm\013BorderStyle\007\006bsNone\007Caption\006\023RemindItemBasicForm\014ClientHeight\003\027\001\013ClientWidth\003\346\001\005Color'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\024TShareImgPreviewForm\023ShareImgPreviewForm\013BorderStyle\007\006bsNone\013BorderWidth\002\001\007Caption\022\004'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\024TShareLoginBasicForm\023ShareLoginBasicForm\013BorderStyle\007\006bsNone\007Caption\006\023ShareLoginBasicForm\014ClientHeight\003\320'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\032TShareSendResultAnchorForm\031ShareSendResultAnchorForm\013BorderStyle\007\006bsNone\007Caption\006\031ShareSendResultAnchorForm\014ClientHeight\003\320'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\024TSinaSsoLoginingForm\023SinaSsoLoginingForm\013BorderStyle\007\006bsNone\007Caption\024\011'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\022TUfClientBasicForm\021UfClientBasicForm\013BorderStyle\007\006bsNone\007Caption\006\021UfClientBasicForm\014ClientHeight\003\027\001\013ClientWidth\003\262\001\005Color\004\361\366\371'
Source: 360seNotify.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\021TUfTodayTopicForm\020UfTodayTopicForm\013BorderStyle\007\006bsNone\007Caption\022\004'

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 360seNotify.exe.0.dr

Static PE information: Section: .reloc IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: classification engine

Classification label: mal54.evad.winEXE@27/1337@43/2

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Code function: 16_2_6C3D1230 SetLastError,GetLastError,SetLastError,GetLastError,_wcsrchr,_wcsncpy,_strerror,MultiByteToWideChar,_wcsncpy,LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,FormatMessageW,_wcstok,_vswprintf_s,_wcsncpy,GetSystemTime,LocalFree,FreeLibrary,

16_2_6C3D1230

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe

Code function: 13_2_00404275 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

13_2_00404275

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe

Code function: 22_2_00201160 lstrlenW,_memset,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,__wcsicoll,OpenProcess,CloseHandle,GetCurrentProcess,Process32NextW,CloseHandle,CloseHandle,

22_2_00201160

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe

Code function: 13_2_00402012 CoCreateInstance,MultiByteToWideChar,

13_2_00402012

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Code function: 16_2_001DC1E0 LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary,

16_2_001DC1E0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File created: C:\Program Files (x86)\360

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\s[1].htm

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Mutant created: \Sessions\1\BaseNamedObjects\360DtUnInstaller
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\360_login_account_config_lock2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 6196
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 2860
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 4764
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 5004
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1028
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\360Login_mapping_lock
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Mutant created: \Sessions\1\BaseNamedObjects\DT_TOPBAR_{8AB1E186-A11B-476f-B8EB-83D0A6E5009E}
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Mutant created: \Sessions\1\BaseNamedObjects\360DtInstaller
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1784
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Mutant created: \Sessions\1\BaseNamedObjects\360desktop_appcore

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File created: C:\Users\user\AppData\Local\Temp\{8BA98B53-011F-40a2-8B0C-D0C87CFC6457}.tmp

Jump to behavior

Source: Yara match

File source: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\360seNotify.exe, type: DROPPED

Source: unknown	Process created: C:\Windows\explorer.exe
Source: unknown	Process created: C:\Windows\explorer.exe

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: cate	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: count	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: count	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: cate	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: cid	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: relate_type	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: cid	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: relate_type	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: zm_d	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: 10004	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: version	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: 1.0	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: encoding	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: UTF-8	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: standalone	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: child	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: book	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Command line argument: \360Desktop	7_2_00AE3070
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Command line argument: RunDLL	22_2_00201DF0

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM ' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000911E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2500257404.000000000358D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT aid , cid FROM customcategoryappmap;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000911E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2500257404.000000000358D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT aid , cid FROM customcategoryappmap_cm;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000911E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2500257404.000000000358D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT info FROM tempappinfos WHERE aid IN %s ;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000911E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2500257404.000000000358D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT info FROM appinfos WHERE aid IN %s ;
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM ' \|\| quote(name) \|\| ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT aid , cid FROM customcategoryappmap_disneymode;

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe "C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe "C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe" /S
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe "C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe" /S /Pzhuomian
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe "C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe" onlyimport
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe "C:\Program Files (x86)\360\360Desktop\Bin\360Topbar.exe" /autorun
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1028 -s 10624
Source: unknown	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe" /unloaddtswitcher
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1784 -s 4932
Source: unknown	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe "C:\Program Files (x86)\360\360Desktop\Bin\360Topbar.exe" /autorun
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File written: C:\Program Files (x86)\360\360Desktop\updatecfg.ini

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: certificate valid

Submission file is bigger than most known malware samples

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static file information: File size 22004296 > 1048576

PE file contains a mix of data directories often seen in goodware

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

PE file contains a debug data directory

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Binary contains paths to debug symbols

Source:	Binary string: D:\360se3\trunk\extension\AppBase\wxsqlite3.7.2\bin\sqlite3.pdbNB10k source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb`` source: GBInst.exe, 0000000D.00000002.2546487459.000000000040B000.00000004.00000001.01000000.0000000E.sdmp
Source:	Binary string: e:\build\360DeskTop\UiFeatureControlSrc\UiFeature\Src\Pdb\UiFeature360Control.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B050000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2509212496.000000000357C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360se3\trunk\extension\AppBase\wxsqlite3.7.2\bin\sqlite3.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\shell360dt64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2558990791.00007FF8B8CEB000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: E:\build\360browser\src\DreamWork\TheWorld\TheWorld\TheWorld___Win32_Release_Unicode\360mwapp.pdbNB10K source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtwebframe.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\Bin\360DeskTop\Release\BizPluginCake.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb8pJ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\shell360ext.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360NetUL\bin\360NetUL.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008D81000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2497316206.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: P:\intermoutput\3\360Login_ForDeskTop\Release\360Login.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360DesktopUi.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_2.6.0.1080_20130226\bin\360DeskTop\Release\360DesktopAssistant.pdbt source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DTNotify.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBox.pdb5 source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2501426282.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\SML_Shutdown_for_DT\Output\Bin\Release\RegularShutdown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000968D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360MsgPushCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopSwitch64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\7z_%209.20.0.1020_20120420_A\bin\Release\7z.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2043012277.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2482042900.00000000005A9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\7z_%209.20.0.1020_20120420_A\bin\Release\7z.pdbx source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2043012277.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2482042900.00000000005A9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360DTSwitchBar.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Work\360se\extension2010\ExtNetIncrement\Output\ExtNetIncrement.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\desktoptool.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: P:\intermoutput\3\360Login_ForDeskTop\Release\360Login.pdb\ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360ZMUDetail.pdb0` source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: P:\intermoutput\3\360Login_ForDeskTop\Release\360Login.pdb\Al source: flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SetupUtilDT.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\DownDll\Release\LiveUpd360.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000954C000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2490485754.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\bin\360DeskTop\Release\AppcenterDataGb.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000911E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2500257404.000000000358D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopSwitch.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360Wapp.pdbXp\ source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlproc_1.2.8\CheckedBuildWithPDB\urlproc.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009BA1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtwebbrowser.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000832C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Net_2\Release\360net.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008D81000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2487820669.00000000005C8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopMenu.pdbh source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360se\360se3\trunk\extension_store\Down360seNotify\Release\NotifyDown.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009647000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2507348840.0000000003571000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBoxCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503231467.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360DeskTop\src\Release\360TopBar.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000016.00000002.2612965104.0000000000219000.00000002.00000001.01000000.0000001D.sdmp, 360TopBar.exe, 00000016.00000000.2548217131.0000000000219000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\release\360wallpaper\version\360wpup.pdb source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtswitcher64.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb``y source: GBInst.exe, 0000000D.00000002.2552193222.0000000003792000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360Wapp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\dtappcore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000092D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtswitcher.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\CloudTaskCenter_naive.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000092D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpapp.pdb source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360AppCenter.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006BF2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\BoxUI.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_1.4.0.1085_20110902\bin\360DeskTop\Release\RegSMWebProxy.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\release\360wallpaper\version\360wpup.pdbL source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360DeskTop\src\Release\UiPluginCake.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009B29000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B087000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\build\onlineinstaller\Release\360Inst.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\AppUpdate.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360Apns.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360weibo.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpsrv.pdbxQJ source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\360Down\Release\LiveUpdate360.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop_2.6.0.1080_20130226\bin\360DeskTop\Release\360DesktopAssistant.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360Ver.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2608003325.0000000003C54000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008E93000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2485680529.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\SML_Shutdown_for_DT\Output\Bin\Release\RegularShutdown.pdbP source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000968D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\360desktop\360DeskTop\bin\360DeskTop\Release\360ZMUDetail.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\DTCrashReport.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2499422068.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\somcore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlprocnet_1.2.4\CheckedBuildWithPDB\urlprocnet.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009BA1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429415030.0000000003FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\dtfilm.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SomSoftMgrdt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\somQuickInstdt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpsrv.pdb source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\360Desktop.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\360\svn\360desktop\branches\2.0.0.1120_201207016_B\Output\Bin\Release\SoftMgrLiteBase.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DTFence.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SMWebProxydt.pdbp source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper\bin\360desktop\Release\360wallpaper\version\DTCrashReport.pdb source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\360P2SP_2\360P2SP\Release\360P2SP.pdb`` source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\onlineinstaller\Release\360Inst.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360Desktop_20120814_2.3Release_appcore\bin\360DeskTop\Release\360AppCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe, 00000016.00000003.2610280460.00000000030E1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\flashApp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2479671082.0000000002CE3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000083EE000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, 00000010.00000000.2482543383.00000000001F4000.00000002.00000001.01000000.00000010.sdmp, flashApp.exe, 00000010.00000002.2486101694.00000000001F4000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: E:\build\360browser\src\DreamWork\TheWorld\TheWorld\TheWorld___Win32_Release_Unicode\360mwapp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\code_svn\360SoftMgr\branches\GameMaster_1125_for_360dt\Output\Bin\Release\AppCenterCore.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360se\360se3\trunk\extension_store\Down360seNotify\Release\NotifyDown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009647000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2507348840.0000000003571000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\360FeedBack\Release\360FeedBack.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360Login\Release\oauthlogin.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\bin\360DeskTop\Release\360GbApp.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\DTQuickInstProxy.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000832C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360WallPaper_For_C++\bin\360desktop\Release\360wallpaper\version\360wpapp.pdbH source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\360DesktopMenu.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\build\360Pdown_3\PDown\Release\PDown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009647000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2490747591.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\repos\urlproc_1.2.8\CheckedBuildWithPDB\urlproc.pdbX source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009BA1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\Safelive\ReleaseUMinDependency\Safelive.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000096F8000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2492077094.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\bin\Release\MiniUI.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2406322166.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2047064905.000000000377D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2611106336.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2456398831.0000000003DC9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2047343657.0000000003DE8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2274600628.0000000000AD3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2052214824.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\src\Release\DTShutdown.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\SMWebProxydt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\360P2SP_2\360P2SP\Release\360P2SP.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\GameBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2501426282.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\somkernldt.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\UpdateTool.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\360DesktopSetup\360TopbarASS\Release\360TopbarASS.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, 360TopbarASS.exe, 00000007.00000000.2447871998.0000000000B08000.00000002.00000001.01000000.0000000A.sdmp, 360TopbarASS.exe, 00000007.00000002.2455079953.0000000000B08000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: e:\build\360GameBox_1.5.0.1040_20121119\bin\360DeskTop\Release\SetupHelperGB.pdb source: GBInst.exe, 0000000D.00000002.2552193222.0000000003792000.00000002.00000001.01000000.0000001A.sdmp, GBInst.exe, 0000000D.00000002.2546487459.000000000040B000.00000004.00000001.01000000.0000000E.sdmp
Source:	Binary string: e:\360DeskTop_2.2.0.1070_20120618\bin\360DeskTop\Release\MsgBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000095D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\PROJ\360DesktopSetup\360Setup_Work\Release\Setup.pdb8pw source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: E:\repos\urlprocnet_1.2.4\CheckedBuildWithPDB\urlprocnet.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009BA1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429415030.0000000003FE0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\AppcenterData.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000908A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360GameBox\Bin\360DeskTop\Release\360GameBox.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e:\build\360DeskTop\bin\360DeskTop\Release\MusicIEFrame.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\02.WINDOWS\01.MyWork\01.UiFeature\01.SvnKing\trunk\KernelVersionCompany\Bin\Release\UiFeatureKernel.pdb source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009B29000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B087000.00000004.00001000.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2511568800.0000000003571000.00000004.00000020.00020000.00000000.sdmp

PE file contains a valid data directory to section mapping

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 7_2_00B0023C LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,

7_2_00B0023C

PE file contains sections with non-standard names

Source: 360seNotify.exe.0.dr	Static PE information: section name: .didata
Source: 360seNotify.exe.0.dr	Static PE information: section name: QProtect
Source: 360weibo.exe.0.dr	Static PE information: section name: .share
Source: DTCrashReport.exe.0.dr	Static PE information: section name: .share
Source: 360Common.dll.0.dr	Static PE information: section name: history
Source: 360MsgPushCore.dll.0.dr	Static PE information: section name: .share
Source: Safelive.dll.0.dr	Static PE information: section name: .IShareO
Source: Shell360dt.dll.0.dr	Static PE information: section name: .orpc
Source: Shell360dt64.dll.0.dr	Static PE information: section name: .orpc
Source: somkernldt.dll.0.dr	Static PE information: section name: .data1
Source: urlproc.dll.0.dr	Static PE information: section name: .SHARE

Registers a DLL

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034191A8 push 88033709h; ret	0_3_034191AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034191A8 push 88033709h; ret	0_3_034191AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034191A8 push 88033709h; ret	0_3_034191AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034191A8 push 88033709h; ret	0_3_034191AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347B42B pushfd ; ret	0_3_0347B441
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_0347B42B pushfd ; ret	0_3_0347B441
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_03488A18 push ss; iretd	0_3_0348914A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147 pushfd ; iretd	0_3_034AA421
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147 pushfd ; iretd	0_3_034AA421
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AA147 pushfd ; iretd	0_3_034AA421
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C push eax; ret	0_3_034A6E0D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034A6A9C push eax; ret	0_3_034A6E0D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AAD11 push ecx; retf	0_3_034AAD12
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Code function: 0_3_034AAD11 push ecx; retf	0_3_034AAD12

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d	7_2_00AEF080
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d	7_2_00AEF440
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	7_2_00AEF5D0
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	15_2_021C2480
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	15_2_021C2300
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle,CloseHandle, \\.\PhysicalDrive%d	15_2_021C1F40
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d	16_2_6C3CF8D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	16_2_6C3CFA60
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d	16_2_6C3CF510
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: RegQueryValueExW,_malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	22_2_00206360
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	22_2_002063C9
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: malloc,SetLastError,CreateFileA,DeviceIoControl,CloseHandle,free, \\.\PhysicalDrive%d	26_2_00007FF680AE5DD0

Drops PE files

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Roaming\360Notify\Bin\ExtNetIncrement.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\360wpup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DTFence.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\BoxUI.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\MusicIEFrame.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\UpdateTool.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360wapp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\SMWebProxydt.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\Temp\nsnAB77.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360NetUL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\DTShutdown.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360Login.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360Common.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\gamebox\360GameBox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\DumpReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\AppUpdate.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\somkernldt.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\Temp\nsnAB77.tmp\NSISdl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\gamebox\AppcenterDataGb.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\sqlite3.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\SetupUtilDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Roaming\360Notify\Bin\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\oauthlogin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\MsgBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\somcoredt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360AppCore.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtfilm.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360ZMUDetail.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\PDown.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360TopBar.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\LiveUpd360.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\LiveUpdate360.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360AppCenter.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\UpdateTool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\360weibo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Roaming\360Notify\Bin\360seNotify.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\oauthlogin.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\SomSoftMgrdt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\desktoptool.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\NotifyDown.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\UiFeatureKernel.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\modules\360wpappInstaller_zhuomian.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\360GameBox.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtwebbrowser.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\GameBox.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DTSwitchBar.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopAssistant.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\BizPluginCake.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\gamebox\360GbApp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360Desktop.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\CatchScreenTray.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\UiPluginCake.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Roaming\360Notify\Bin\360seNotify.rs (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360Desktop.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\AppcenterDataGb.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\DumpReport.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Local\Temp\nsyACA0.tmp\Registry.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Local\Temp\{CF943540-C2E3-43cc-9B55-E4222D53DF15}.tmp\MiniUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtfilm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DTNotify.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtwebbrowser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DesktopUi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360mwapp\360mwapp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtappcore.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\CloudTaskCenter_naive.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\GameBoxCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\360GbApp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtwebframe.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\RegularShutdown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\modules\GBInst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtswitcher64.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\360verify.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\Shell360dt64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360dtpreview.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360MsgPushCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\ImportFavHelper.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\AppcenterDataGb.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\img_reader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360NetUL.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\safelive.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\AppcenterData.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Safelive.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\img_reader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\DTShutdown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\CatchScreenTray.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\LiveUpd360.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtwebframe.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Local\Temp\{7B893064-B4AE-4242-8CC3-858A8B4FE14C}.tmp\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360net.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\Temp\nsnAB77.tmp\registry.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360FeedBack.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Local\Temp\{B170E3C0-9961-47b4-9C8F-0491D4147672}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\360seNotify.rs	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\360GbApp.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Uninstall.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\360verify.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360FeedBack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Local\Temp\{9F0A4041-4B7E-48bb-8CA2-8C474BD03C91}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\CloudTaskCenter_naive.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\PDown.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Local\Temp\nsyACA0.tmp\360verify.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360Common.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\360NetUL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\RegSMWebProxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360verify.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Local\Temp\nsyACA0.tmp\NSISdl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\AppCenterCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\Shell360dt.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeatureKernel.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\ImportFavHelper.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\GameBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\MiniUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360ZMUDetail.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\MsgBox.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\DTCrashReport.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\Temp\nsnAB77.tmp\SetupHelperGB.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\dtswitcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DTFence.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\safemon\urlprocnet.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\DTCrashReport.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\flashApp.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\oauthlogin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Users\user\AppData\Roaming\360Notify\Bin\360weibo.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DTSwitchBar.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\ExtNetIncrement.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\GameBoxCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\LiveUpdate360.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\AppCenterCore.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\360GameBox.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\SoftMgrLiteBase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtswitcher.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\MusicIEFrame.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DesktopSwitch64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\gamebox\GameBoxCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\AppUpdate.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Local\Temp\nsyACA0.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360Apns.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\360net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360MsgPushCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\DTQuickInstProxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\modules\360TopbarASS.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\AppcenterData.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360Login.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360dtpreview.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\desktoptool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\DTQuickInstProxy.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\somcoredt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopUi.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360Ver.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\LiveUpd360.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360mwapp\360mwapp.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\360Login.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DTNotify.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\modules\360Inst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360verify.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\modules\360Inst.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	File created: C:\Users\user\AppData\Roaming\360bizhi\DTCrashReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DesktopAssistant.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtswitcher64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360P2SP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DesktopSwitch.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\360seNotify.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\safemon\urlproc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\RegSMWebProxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360net.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360Ver.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360wapp.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeature360Control.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\360P2SP.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\SetupUtilDT.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtappcore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\BizPluginCake.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360Apns.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DesktopMenu.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\PDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\img_reader.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\somkernldt.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\360P2SP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\DTCrashReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\somQuickInstdt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360AppCenter.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\gamebox\GameBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\BoxUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\UiFeature360Control.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File created: C:\Users\user\AppData\Local\360GameBox\Bin\SetupUtilDT.exe	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File created: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\360seNotify.rs

Jump to dropped file

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d	7_2_00AEF080
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d	7_2_00AEF440
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	7_2_00AEF5D0
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	15_2_021C2480
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	15_2_021C2300
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: CreateFileA,DeviceIoControl,CloseHandle,CloseHandle, \\.\PhysicalDrive%d	15_2_021C1F40
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d	16_2_6C3CF8D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	16_2_6C3CFA60
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d	16_2_6C3CF510
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: RegQueryValueExW,_malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	22_2_00206360
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d	22_2_002063C9
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: malloc,SetLastError,CreateFileA,DeviceIoControl,CloseHandle,free, \\.\PhysicalDrive%d	26_2_00007FF680AE5DD0

Creates an undocumented autostart registry key

Source: C:\Windows\System32\regsvr32.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\360DesktopExt NULL
Source: C:\Windows\System32\regsvr32.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\360DesktopExt NULL

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe

Window found: window name: Progman

Hooking and other Techniques for Hiding and Protection

Flash file may contain encrypted javascript

Source: wallpaper-cm2.swf.0.dr

Static Flash information: Found token: unescape in unescapeStringreadN

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C39C240 InvalidateRect,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,	16_2_6C39C240
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C39C240 InvalidateRect,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,	16_2_6C39C240
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C39B0D0 InvalidateRect,SetWindowPos,SetWindowPos,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,	16_2_6C39B0D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C39B0D0 InvalidateRect,SetWindowPos,SetWindowPos,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,GetWindowRect,SetWindowPos,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,ShowWindow,	16_2_6C39B0D0
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C39B320 IsWindow,IsWindowVisible,IsWindow,IsWindowVisible,IsWindow,IsWindowVisible,IsWindow,IsIconic,ShowWindow,ShowWindow,ShowWindow,BringWindowToTop,SetActiveWindow,SetForegroundWindow,	16_2_6C39B320

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Code function: 16_2_6C3D4040 LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetLastError,

16_2_6C3D4040

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe PID: 6196, type: MEMORYSTR

Query firmware table information (likely to detect VMs)

Source: C:\Windows\explorer.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\explorer.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SBIECTRL.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MSNIFFER.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\SBIECTRL.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WINDBG.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FIDDLER.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: EHSNIFFER.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\WIRESHARK.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\FIDDLER.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VSNIFFER.EXE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE

Contains capabilities to detect virtual machines

Source: C:\Windows\explorer.exe

File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\explorer.exe

Window / User API: foregroundWindowGot 486

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9F0A4041-4B7E-48bb-8CA2-8C474BD03C91}.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360FeedBack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360Notify\Bin\ExtNetIncrement.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\PDown.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360bizhi\360wpup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\CloudTaskCenter_naive.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DTFence.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\BoxUI.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\MusicIEFrame.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360Common.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\UpdateTool.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360wapp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\RegSMWebProxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\AppCenterCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\Shell360dt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\DTShutdown.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeatureKernel.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\ImportFavHelper.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\GameBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\360Common.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\gamebox\360GameBox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\DumpReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\MiniUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\AppUpdate.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\somkernldt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360ZMUDetail.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\DTCrashReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\MsgBox.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360bizhi\360wpsrv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtswitcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360DTFence.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\safemon\urlprocnet.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\gamebox\AppcenterDataGb.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\DTCrashReport.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\sqlite3.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360bizhi\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\SetupUtilDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360Notify\Bin\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\oauthlogin.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\oauthlogin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\MsgBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360Notify\Bin\360weibo.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\somcoredt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360AppCore.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtfilm.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360ZMUDetail.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\PDown.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\LiveUpd360.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\LiveUpdate360.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360AppCenter.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\ExtNetIncrement.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\GameBoxCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\LiveUpdate360.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\360GameBox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\AppCenterCore.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\NotifyDown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\UpdateTool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\SoftMgrLiteBase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\360weibo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtswitcher.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\MusicIEFrame.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360Notify\Bin\360seNotify.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\oauthlogin.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360bizhi\360wpapp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\SomSoftMgrdt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\gamebox\GameBoxCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\AppUpdate.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\desktoptool.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360Apns.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\360net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\DTQuickInstProxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\NotifyDown.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\UiFeatureKernel.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\360GameBox.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtwebbrowser.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\AppcenterData.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\GameBox.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopAssistant.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\BizPluginCake.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\gamebox\360GbApp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360dtpreview.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\desktoptool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\DTQuickInstProxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360Desktop.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360bizhi\NotifyDown.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\somcoredt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\CatchScreenTray.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\UiPluginCake.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopUi.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360Ver.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360Notify\Bin\360seNotify.rs (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360Desktop.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\AppcenterDataGb.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\LiveUpd360.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\DumpReport.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360mwapp\360mwapp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{CF943540-C2E3-43cc-9B55-E4222D53DF15}.tmp\MiniUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtfilm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360DTNotify.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DTNotify.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\modules\360Inst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\360bizhi\DTCrashReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\modules\360Inst.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtwebbrowser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DesktopAssistant.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtswitcher64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DesktopUi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360mwapp\360mwapp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtappcore.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\CloudTaskCenter_naive.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\GameBoxCore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360P2SP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\360seNotify.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\gamebox\360GbApp.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360DesktopSwitch.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtwebframe.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\safemon\urlproc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\RegularShutdown.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\dtswitcher64.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\RegSMWebProxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\360net.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\360Ver.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360wapp.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\UiFeature360Control.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\360P2SP.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\360dtpreview.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\ImportFavHelper.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\SetupUtilDT.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\AppcenterDataGb.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtappcore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\BizPluginCake.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\img_reader.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\safelive.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360Apns.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\AppcenterData.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Safelive.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\img_reader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\DTShutdown.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\360P2SP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\PDown.dll	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\somkernldt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\img_reader.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\CatchScreenTray.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\LiveUpd360.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\DTCrashReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\dtwebframe.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\somQuickInstdt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{7B893064-B4AE-4242-8CC3-858A8B4FE14C}.tmp\7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\360AppCenter.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\360net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360FeedBack.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\_appdata_\360Notify\Bin\360seNotify.rs	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\360GbApp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\gamebox\GameBox.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\BoxUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Uninstall.exe	Jump to dropped file
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\360GameBox\Bin\SetupUtilDT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Dropped PE file which has not been started: C:\Program Files (x86)\360\360Desktop\update\{F6F6A611-BAE5-4482-A483-BBD9A761C2A2}.tmp\Bin\UiFeature360Control.dll	Jump to dropped file

Found evaded block containing many API calls

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Evaded block: after key decision

Found evasive API chain (date check)

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe

Evasive API call chain: GetSystemTime,DecisionNodes

Found evasive API chain (may stop execution after checking a module file name)

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep	graph_7-17197
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess	graph_13-11668
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Windows\explorer.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep	graph_13-11283

Found large amount of non-executed APIs

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	API coverage: 4.0 %
Source: C:\Windows\explorer.exe	API coverage: 0.6 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe TID: 6568

Thread sleep count: 45 > 30

Queries disk information (often used to detect virtual machines)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	13_2_00405368
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_00405D3A FindFirstFileA,FindClose,	13_2_00405D3A
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_00402630 FindFirstFileA,	13_2_00402630
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	15_2_00405368
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_00405D3A FindFirstFileA,FindClose,	15_2_00405D3A
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_00402630 FindFirstFileA,	15_2_00402630
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C34EF80 _memset,_memset,PathAddBackslashW,FindFirstFileW,_memset,PathAddBackslashW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,	16_2_6C34EF80

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: explorer.exe, 00000014.00000002.2590375486.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "Qemu Manager 6.0\Qemu Manager.lnk
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QemuManager.exe
Source: explorer.exe, 00000014.00000002.2596015892.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0r
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000014.00000002.2588015796.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmware.exe
Source: explorer.exe, 00000014.00000002.2585762632.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2166209779.000000000356D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2129191265.000000000356D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: GBInst.exe, 0000000D.00000003.2512653390.00000000005C0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Qemu Manager 6.0\Qemu Manager.lnk
Source: GBInst.exe, 0000000D.00000002.2548302754.00000000005A0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA
Source: 360TopbarASS.exe, 00000007.00000002.2455270046.0000000000F2E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000002.2548302754.00000000005D9000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000003.2505190629.000000000059A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: GSoftware\Microsoft\Windows\CurrentVersion\Uninstall\VMware_Workstation
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: BSoftware\Microsoft\Windows\CurrentVersion\Uninstall\VMware_Player
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTcaVMWare
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000014.00000002.2588015796.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware-42 27 d9 2e dc 89 72 dX
Source: explorer.exe, 00000014.00000002.2590375486.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware\VMware Workstation.lnk
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000003.2497279919.000000000059A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllE
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware\VMware Player.lnk
Source: explorer.exe, 00000014.00000002.2588015796.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Software\Microsoft\Windows\CurrentVersion\Uninstall\VMware_Workstation
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Software\Microsoft\Windows\CurrentVersion\Uninstall\VMware_Player
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QEMU Manager
Source: explorer.exe, 00000014.00000002.2588015796.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware,p
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Player
Source: explorer.exe, 00000014.00000002.2585762632.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Workstation
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}-
Source: explorer.exe, 00000014.00000002.2590375486.000000000769A000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	API call chain: ExitProcess graph end node	graph_13-10914
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	API call chain: ExitProcess graph end node	graph_13-11670
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	API call chain: ExitProcess graph end node	graph_15-9872
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	API call chain: ExitProcess graph end node	graph_15-11202
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	API call chain: ExitProcess graph end node
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\explorer.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\explorer.exe	API call chain: ExitProcess graph end node
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	API call chain: ExitProcess graph end node
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	API call chain: ExitProcess graph end node
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks if the current process is being debugged

Source: C:\Windows\explorer.exe	Process queried: DebugPort
Source: C:\Windows\explorer.exe	Process queried: DebugPort

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 7_2_00AF11FB _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

7_2_00AF11FB

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe

Code function: 16_2_6C3D6530 GetCurrentThreadId,OpenThread,GetProcessHeap,OpenThread,GetLastError,GetProcessHeap,HeapFree,OutputDebugStringW,CloseHandle,

16_2_6C3D6530

Contains functionality to dynamically determine API calls

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

7_2_00B0023C

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 7_2_00B04593 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

7_2_00B04593

Enables debug privileges

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AF11FB _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00AF11FB
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AF294A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00AF294A
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AEEBA1 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00AEEBA1
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AF0D52 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00AF0D52
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: 7_2_00AFBEE8 SetUnhandledExceptionFilter,	7_2_00AFBEE8
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_0378579A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_0378579A
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_037865B2 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_037865B2
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: 13_2_0378CD95 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_0378CD95
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_021C965D SetUnhandledExceptionFilter,	15_2_021C965D
Source: C:\Program Files (x86)\360\360Desktop\modules\360wpappInstaller_zhuomian.exe	Code function: 15_2_021C964B SetUnhandledExceptionFilter,	15_2_021C964B
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001E1970 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_001E1970
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001EC2F2 SetUnhandledExceptionFilter,	16_2_001EC2F2
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001E1318 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_001E1318
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_001E46DB __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_001E46DB
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3BCC8B __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_6C3BCC8B
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3B8D36 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_6C3B8D36
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: 16_2_6C3B8660 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_6C3B8660
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CDD17C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_00007FF8B8CDD17C
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CDBC80 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_00007FF8B8CDBC80
Source: C:\Windows\explorer.exe	Code function: 20_2_00007FF8B8CE5C6C RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_00007FF8B8CE5C6C
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 22_2_00201C00 lstrlenW,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,Sleep,CreateMutexW,GetLastError,SetUnhandledExceptionFilter,__set_invalid_parameter_handler,	22_2_00201C00
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 22_2_0020997E _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_0020997E
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 22_2_00209241 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_00209241
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 22_2_0020E715 SetUnhandledExceptionFilter,	22_2_0020E715
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: 22_2_00213F44 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_00213F44
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AEAD88 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	26_2_00007FF680AEAD88
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AF2EEC RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	26_2_00007FF680AF2EEC
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AED3F8 SetUnhandledExceptionFilter,	26_2_00007FF680AED3F8
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: 26_2_00007FF680AE90D0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	26_2_00007FF680AE90D0

HIPS / PFW / Operating System Protection Evasion

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: lstrlenW,_memset,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,__wcsicoll,OpenProcess,CloseHandle,GetCurrentProcess,Process32NextW,CloseHandle,CloseHandle, explorer.exe	22_2_00201160
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: lstrlenW,_memset,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,__wcsicoll,OpenProcess,CloseHandle,GetCurrentProcess,Process32NextW,CloseHandle,CloseHandle, explorer.exe	22_2_00201160
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: lstrlenW,_memset,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,__wcsicoll,OpenProcess,CloseHandle,GetCurrentProcess,Process32NextW,CloseHandle,CloseHandle, explorer.exe	22_2_00201160
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: __wcsicoll,OpenProcess,CloseHandle,GetCurrentProcess,Process32NextW,CloseHandle, explorer.exe	22_2_00201209

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\Shell360dt64.dll"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\SMWebProxydt.dll"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\360\360Desktop\Bin\360DesktopMenu.dll"	Jump to behavior

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe

Code function: 22_2_00201720 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

22_2_00201720

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /AddApp=%dProgmanWorkerW360DesktopFullScreenWndClass360DockBarCtrl\RegSMWebProxy.exe\360Desktopwait_for_fullscreen_show
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2047064905.000000000377D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2047343657.0000000003DE8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_traywndP
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009B29000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B087000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: http://zhuomian.360.cn/ver2.0Shell_TrayWnd\Welcome UiFeatureUiFeatureWindowUI_FEATURE_%08X%04X%04X%02X%02X%02X%02X%02X%02X%02X%02Xfeaturewindowparaminvalid map/set<T> iteratormap/set<T> too long
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000832C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ANtCreateUserProcessntdll.dllNtCreateProcessExAppCenterData.dllCreateAppCenterIPCMgrC:..."%s" %sProgmanSHELLDLL_DefViewWorkerWdt_webapp_browser_.lnkExplorerRunFiles (x86)%s\360gameusers%s\360Desktop%s\360desktop.ini%s\360GBsc.ini%s\360Dtsc.ini%s\Skin%s\MiniAppdata.xdb%s\UpgradeData.xdb%s\Config.ini%s\webapps.ini%s\Config.Xdb%s\Config.nxdb%s\HandlerDelFlag.ini%s\SoftMgr.db%s\SoftMgrCfg.db%s\DtUpdateConfig.ini%s\AppDataStorage.db%s\updateapptips.ini%s\SCDUP%s\import.fg%s\AppSCProc.ini#RELATIVE_PATH#%s\360Desktop\Image\Icon\Common\%s\InnerWeb\%s\clientsoftIDs.tmp%s\pushrecord.ini%s\w360_Weather.ini%s\Temp\%s\AdvMsg.xml%s\DtWebMailHost.nxdb%s\AdvMsgRecord.ini%s\schedule.ini%s\ChildeMode\%s\PswImg%s\DisneyMode\%s\Sound%s\360GameCenter.exe360GameBox.exe360GbApp.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndXMenuDragREBAR_GRIPStatusBarFFindBarFTabBarFPlugInBarFMiniBarFFavoriteBarFMenuBarFSearchBarFTabBarPlugInBarMiniBarMenuBarSearchBarStyleSideBarCurSelComboBoxBG_ADDRESSAdressLeftPadAdressRightPadBG_ADDRESSEDITAddressCYAddressBarMainCYBottomCornerMultiTabBrowser-Embedding%s:%sGlobalUserOfflineSoftware\Microsoft\Windows\CurrentVersion\Internet Settingshttp://www.ioage.com/cn/help-appendix-04.htmhttp://www.theworld.cn/http://www.ioage.com/cn/help.htmTWFORM.HTMStatusPluginKeyhttp://www.ioage.com/cn/guide/guide_start.htmhttp://www.ioage.com/wzhttp://bbs.ioage.comhtm400%200%150%130%50%70%30%%s&guid=%s&lastver=%s2.1.2.22.1.2.42.1.0.22.0.5.12.0.3.42.3.0.72.3.0.8Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN2.2.1.02.2.1.22.2.1.4ICON_ADD_FAVORITEStatusCYXFrame_Wnd-setupopenNAVIERR.HTM125%TheWorld.icotw:confhttp://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%s&ie=utf-8http://www.google.com.hk/search?q=&tn=ichunertn=baidu.com/baidu?baidu.com/shttps:http:
Source: explorer.exe, 00000014.00000000.2502770667.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ProgmanSHELLDLL_DefViewWorkerWWinsta0\default" AdvApi32CreateProcessWithTokenWexplorer.exe360GameBox.exe360GbApp.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Desktop.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360GameBox.exe..\Uninstall.exe/SopenBin\360Desktop.exe..\360gamebox.exe/INSTALL/UNINSTALL/UNINSTFromSP/LowRunDeskTop/LowRunGameBox/ClearGBAppZip/SetLocalTime_vector<T> too longsomkernldt.dll..\somkernl.dllSomPluginbad allocation~{
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JvR0kFstd::stringSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360GameBox.exeAppcenterData.dllCreateAppCenterDataInterface.fbak\MiniAppdata.xdb-journal%%%ProgMan..\360appcenter.exe-from 360desktop_new -startup 360loopwallpaper.exeWallPaper\wallpaper.swf WallPaper\wallpaper_cm.swf HideSuspWndUtil::APP::RunFlashApp() -enDesktopMode=%d -pszSwfPath=%sright_menu_wallpaper-swf "%s" -new %d -ver %d -from 360desktop_new -startup flashapp.exe%s StartByDesktopGloUtil::GetDownloadMgr()->CallFlashApp() -bRet=%dWALLPAPER\WALLPAPAER_NEW_TOTALCOUNTWALLPAPER\WALLPAPER_NOW_TOTALCOUNT%s%d\360kantu.exe360safe.exe360chrome.exe360se.exeabout:blank\SoftMgr\SoftManager.exehttp://www.360.cnMAINFRAME\HWND360Desktop\first_run_flag
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ech.txtShell_TrayWndReBarWindow32pastelinkpaste360desktop DropEffectcopycut%s\%s - oR,g%s%s\%s - oR,g (%d)%s360DestopNetDiskClipBoardKeyskin\deskmirror.uizDrawShadowTextLastResulotionycomctl32.dllx
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000093A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ccsUTF-8UTF-16LEUNICODEe+0001#QNAN1#INF1#IND1#SNAN\Fonts\msyh.ttfWorkerWProgmanSHELLDLL_DefView360DesktopFullScreenWndClass360DockBarCtrlFolderViewSysListView32Shell_TrayWndReBarWindow32_360DesktopSwitcherControlWnd_MsgOnly__360DesktopSwitcherControlWnd_MsgOnly_Wnd360DirectUICls_SwitchBar360DirectUICls360Desktop\ExecuteProFile.tmpfilepathexecuteparams
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: IcustomUrl360Desktop\Image\Icon\Common\customUrl.png360Desktop\Image\Icon\Common\customUrl_64.png360Desktop\Image\Icon\Common\customUrl_72.pngdefAppIcon360Desktop\Image\Icon\Common\Default_48.png360Desktop\Image\Icon\Common\Default_64.png360Desktop\Image\Icon\Common\Default_72.pngappMask360Desktop\Image\Icon\Common\DefaultMask_48.png360Desktop\Image\Icon\Common\DefaultMask_64.png360Desktop\Image\Icon\Common\DefaultMask_72.png\UserChoice\ProgidHKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\HKCU\Software\Classes\HKCR\\shell\\command\httpSoftware\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE.lnk..\AppSCProc.iniExplorerRunFilesWorkerWSHELLDLL_DefViewFolderViewProgmanInternet Explorer_ServerGetNativeSystemInfo360DesktopSwitch64.exe360DesktopSwitch.exe"%s" %s360Desktop\ExecuteProFile.tmpfilepathexecuteparamsh
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Anametext360Desktop\Xml\Tools\DesktopToolAppCenterData.dllCreateAppCenterIPCMgrC:...HibernateEnabledSYSTEM\CurrentControlSet\Control\PowerHeuristicsSYSTEM\CurrentControlSet\Control\Session Manager\Powerpowercfg.exe-h on-h off"%s" %s?dir?RES.exe.ICO.imeProgmanWorkerWHARDWARE\DESCRIPTION\System\CentralProcessor\0~MHzAMD4
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: A..\C:/.dllProgmanWorkerWSeDebugPrivilegeListBkListSelBkDropBtnITEMcmdIdselectedImagesrcColorvalueBG_blockBG_imgBtn_blockBtn_imgBtn_heightTabBtnmsctls_hotkey32t
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WorkerWProgmanSHELLDLL_DefViewFolderViewSysListView32skin\images\topbar%s %s360Desktop.exe/fromtopbar /entertainment/fromtopbar /fence360DesktopFullScreenWndClassPathSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360wpapp.exe\360wpsrv.exe\360wpapp.exeStartByDesktop StartFrom=4360WallPaperCtrlCls/pid=360zhuomian..\360yunpan\360WangPan.exe360AppCore.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Safe.exeSoftMgr\360AppCore.exe360desktop_appcore"%s"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Desktop.exe\Bin\AppCenterData.dllCreateAppCenterIPCMgr/fromtopbar /opensetting/fromtopbar /checkupdateURL="%s"explorer.exe\..\360Desktop.exe%d.%d.%d.%d/fromtopbar %s360Lhb
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Fidinfoexec..params.lnk..\AppSCProc.iniExplorerRunFilesWorkerWSHELLDLL_DefViewFolderViewSysListView32ProgmanInternet Explorer_ServerGetNativeSystemInfokernel32.dll360DesktopSwitch64.exe360DesktopSwitch.exe"%s" %s360Desktop\ExecuteProFile.tmpfilepathexecute=at /t %s /w %scid /C %sins /d "%s"acc /id %spa /p %sopent\config.iniimagetextmidJumpToLoginUrl("%s");__login__logout@*Wp
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007132000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AWorkerWProgman360DesktopFullScreenWndClass360DirectUICls360DirectUICls_SwitchBarSOFTWARE\360Desktop\safemon360Preview840F77CA-2872-4366-B665-ED3F37205588GetMiniUIMiniUI.dllCreate360FireWareStateFunction2GetFireWallStateCreate360FireWareStateFunctionGet360ProductHistoryManagerGet360CommonInstance360Common.dll
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndSV
Source: explorer.exe, 00000014.00000002.2596015892.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd=
Source: explorer.exe, 00000014.00000002.2590200976.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2506999612.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2502770667.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000014.00000000.2502770667.0000000001731000.00000002.00000001.00040000.00000000.sdmp, 360DesktopSwitch64.exe	Binary or memory string: Progman
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunCONOUT$SunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecDllRegisterServer360DesktopFullScreenWndClassWorkerWProgmanparam.iniparaminfo/sharewallpaperSMWebProxydt.dll/i /s "%s"Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70425897-213B-4a9a-943B-2EEFB2124E35}\iexploreFlagsSoftware\Microsoft\Windows\CurrentVersion\Ext\Stats\{70425897-213B-4a9a-943B-2EEFB2124E35}\iexplore\AllowedDomainsSoftware\Microsoft\Windows\CurrentVersion\Ext\Stats\{70425897-213B-4a9a-943B-2EEFB2124E35}\iexplore\AllowedDomains\*Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70425897-213B-4a9a-943B-2EEFB2124E35}\360Notify\BinAppPath360seNotify.exeAppNamePolicySoftware\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70425897-213B-4a9a-943B-2EEFB2124E36}360Desktop.exeSoftware\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70425897-213B-4a9a-943B-2EEFB2124E37}RegSMWebProxy.exeShareWallPaper360DockBarCtrl360DesktopMainWndForMsgwait_for_fullscreen_show360
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunGetProcessWindowStationGetUserObjectInformationAGetLastActivePopupGetActiveWindowMessageBoxAUSER32.DLLSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecCONOUT$TaskbarCreatedGetNativeSystemInfokernel32.dll360DesktopSwitch64.exe"%s" %sSHELLDLL_DefViewWorkerWProgman360DesktopFullScreenWndClass360DockBarCtrlFolderViewSysListView32Shell_TrayWndReBarWindow32StopInExplorerdtswitcher64.dlldtswitcher.dllStartInExplorer/desktopwnd=/unloaddtswitcherdtunloader64.dlldtunloader.dllUnLoadDtSwitchModule/undock/lockscreen/levelscreenSingle360DesktopSwitchMutex
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000706C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunGetProcessWindowStationGetUserObjectInformationAGetLastActivePopupGetActiveWindowMessageBoxAUSER32.DLLSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecCONOUT$TaskbarCreatedGetNativeSystemInfokernel32.dllSHELLDLL_DefViewWorkerWProgman360DesktopFullScreenWndClass360DockBarCtrlFolderViewSysListView32Shell_TrayWndReBarWindow32StopInExplorerdtswitcher64.dlldtswitcher.dllStartInExplorer/desktopwnd=/unloaddtswitcherdtunloader64.dlldtunloader.dllUnLoadDtSwitchModule/undock/lockscreen/levelscreenSingle360DesktopSwitchMutexx
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Aidinfoopenexec..params.lnk..\AppSCProc.iniExplorerRunFilesWorkerWSHELLDLL_DefViewFolderViewSysListView32ProgmanInternet Explorer_ServerGetNativeSystemInfokernel32.dll360DesktopSwitch64.exe360DesktopSwitch.exe"%s" %s360Desktop\ExecuteProFile.tmpfilepathexecute\|=at /t %s /w %scid /C %sins /d "%s"acc /id %spa /p %st\config.iniSoftMgr\360AppCore.exe360AppCore.exedtappcore.dll360desktop_appcore360dt_ipc_dwmem_name,
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %s\%u_%sNONeedCopySCNOForbidSCShell_TrayWndReBarWindow32360Desktop.exe Push SysListView Window success, %d %d %d %d
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QueryFullProcessImageNameWKernel32.dll.jfif.jpe.jpeg.jpghideSkintrayTipsDISPLAYWorkerWProgman360DirectUICls360DirectUICls_SwitchBarSHELLDLL_DefViewSysListView32FolderViewTipsLastActiveDaybActived360WallpaperMsgWndClass@360DesktopFullScreenWndClasstooltips_class32
Source: explorer.exe, 00000014.00000000.2502770667.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000014.00000000.2501641218.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2585762632.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PProgman
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ProgmanWorkerW360DTFence
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: {:g{21EC2020-3AEA-1069-A2DD-08002B30309D}{208D2C60-3AEA-1069-A2D7-08002B30309D}{450D8FBA-AD25-11D0-98A8-0800361B1103}{871C5380-42A0-1069-A2EA-08002B30309D}{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}{645FF040-5081-101B-9F08-00AA002F954E}{59031a47-3f72-44a7-89c5-5595fe6b30ee}{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}{20D04FE0-3AEA-1069-A2D8-08002B30309D}Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenuSoftware\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanelDefaultIconSoftware\Microsoft\Windows\CurrentVersion\Explorer\CLSID%s\%s\%sSoftware\Microsoft\Windows\CurrentVersion\ThemesSoftware\Microsoft\Windows\CurrentVersion\ThemeManagerProgram Manager
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009348000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: GAIsProcessorFeaturePresentKERNEL321#QNAN1#INF1#IND1#SNAN\Fonts\msyh.ttfWorkerWProgmanSHELLDLL_DefView360DesktopFullScreenWndClass360DockBarCtrlFolderViewSysListView32Shell_TrayWndReBarWindow32_360DesktopSwitcherControlWnd_MsgOnly__360DesktopSwitcherControlWnd_MsgOnly_Wnd360DirectUICls_SwitchBar360DirectUICls360Desktop\ExecuteProFile.tmpfilepathexecuteparams
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008CCB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: popupmsgtypesubtypepopuppospopupcontentmsgflagitemidpubtimeapp_idcontent_htmlnotify_typeopen_urlico_urlbutton_textmsgflagrealtimeapp_msg_tips_enableapp_msg_tips_pos_xapp_msg_tips_pos_yWorkerWSHELLDLL_DefViewFolderViewSysListView32Progmandurl=360DesktopChildrenWndClass360DesktopModeWndClass360DesktopDisneyWndClass360DesktopFullScreenWndClasstaskmgr.exeexplorer.exeKernel32.dllQueryFullProcessImageNameW\\.\360SelfProtection360WebIdentify.dllGetWebIdentifyStatePath\netmon360DesktopNewFreshmanWndSingleClass{96FBB367-DA91-4583-B77E-51610A64F02C}true360AppCoreAppCore_IsGameModed

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 7_2_00AEFBF0 cpuid

7_2_00AEFBF0

Contains functionality to query locales information (e.g. system language)

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,	7_2_00B028DE
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	7_2_00AFD8D7
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	7_2_00AFD83F
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,	7_2_00AFD07C
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,	7_2_00B02912
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	7_2_00AFD94B
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,	7_2_00AFD2D4
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	7_2_00AFCA0E
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	7_2_00B02A51
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	7_2_00AFDBDE
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	7_2_00AFDB1D
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoA,	7_2_00AF54BB
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,	7_2_00AFDC81
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,	7_2_00AFB425
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,	7_2_00B0443A
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	7_2_00AFDC45
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,	7_2_00AFD728
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,	7_2_00AF3F26
Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe	Code function: GetLocaleInfoA,	7_2_00AFF730
Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe	Code function: GetLocaleInfoA,	13_2_0378C604
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoA,	16_2_001EDE87
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoA,	16_2_6C3CCCBF
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,	16_2_6C3CAEF5
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,	16_2_6C3CA84C
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,	16_2_6C3CAAA4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,	16_2_6C3CEB2B
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	16_2_6C3CA1DE
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,	16_2_6C3BE24A
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,	16_2_6C3C03A4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	16_2_6C3CB412
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,	16_2_6C3CB44E
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	16_2_6C3CB00C
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	16_2_6C3CB0A4
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	16_2_6C3CB118
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,	16_2_6C3CD1EC
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA,	16_2_6C3CD220
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	16_2_6C3CB2EA
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	16_2_6C3CD35F
Source: C:\Program Files (x86)\360\360Desktop\Bin\flashApp.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	16_2_6C3CB3AB
Source: C:\Windows\explorer.exe	Code function: GetLocaleInfoA,	20_2_00007FF8B8CE6E14
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Code function: GetLocaleInfoA,	22_2_00214505
Source: C:\Program Files (x86)\360\360Desktop\Bin\360DesktopSwitch64.exe	Code function: GetLocaleInfoA,	26_2_00007FF680AF4BA4

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\switchtab_hover.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\switchtab_press.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\switchtab.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\tab_select.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\focus_rect.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\topbar_shutdown_button.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\topbar_wallpaper_button.png VolumeInformation
Source: C:\Program Files (x86)\360\360Desktop\Bin\360TopBar.exe	Queries volume information: C:\Program Files (x86)\360\360Desktop\Bin\skin\images\topbar\topbar_fence_button.png VolumeInformation

Source: C:\Program Files (x86)\360\360Desktop\modules\360TopbarASS.exe

Code function: 7_2_00AFC676 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

7_2_00AFC676

Source: C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe

Code function: 13_2_00405A65 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

13_2_00405A65

Lowering of HIPS / PFW / Operating System Security Settings

AV process strings found (often used to terminate AV products)

Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avcenter.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: reanimator.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\avgtray.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\kasmain.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: spideragent.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: http://down.360safe.com/setup.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avgui.exe
Source: 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: http://down.360safe.com/setup.exeIsBetaVersion360ver.dllSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000092D0000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2505549357.0000000003571000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2607727064.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Y\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 123.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bdagent.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009A20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\avgui.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503961697.0000000003577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: >`SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe	Binary or memory string: 360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wireshark.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: zlclient.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\wireshark.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kasmain.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: fsb.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Unhackme.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: spf.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avgtray.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009750000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Desktop.exe%d.%d.%d.%d\5SoftMgr\SoftManager.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..\360safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bin\ClamWin.exe
Source: 360TopBar.exe, 00000016.00000003.2589039122.0000000000574000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: +WY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Safe.exe
Source: SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ClamWin.exe

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	1 Scripting	2 DLL Search Order Hijacking	2 DLL Search Order Hijacking	11 Deobfuscate/Decode Files or Information	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	2 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	1 Data Encrypted for Impact	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	4 Native API	1 Registry Run Keys / Startup Folder	22 Process Injection	1 Scripting	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Clipboard Data	Exfiltration Over Bluetooth	2 Encrypted Channel	SIM Card Swap	Obtain Device Cloud Backups	1 System Shutdown/Reboot	Domains	Credentials
Domain Accounts	2 Command and Scripting Interpreter	1 Bootkit	1 Registry Run Keys / Startup Folder	2 Obfuscated Files or Information	Security Account Manager	45 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Non-Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	2 DLL Search Order Hijacking	NTDS	371 Security Software Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	12 Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Masquerading	LSA Secrets	14 Virtualization/Sandbox Evasion	SSH	Keylogging	Scheduled Transfer	Fallback Channels			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	14 Virtualization/Sandbox Evasion	Cached Domain Credentials	3 Process Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	22 Process Injection	DCSync	11 Application Window Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Regsvr32	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Bootkit	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	5%	ReversingLabs
SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe	1%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files (x86)\360\360Desktop\360Common.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\360\360Desktop\360Common.dll (copy)	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://www.indyproject.org/	0%	URL Reputation	safe
http://www.indyproject.org/	0%	URL Reputation	safe
https://word.office.comon	0%	URL Reputation	safe
http://api.t.sina.com.cn/friendships/show.xml	0%	Avira URL Cloud	safe
http://127.0.0.1/%sfilename=resourcesfilesmetalink:/	0%	Avira URL Cloud	safe
http://%s/api.php?	0%	Avira URL Cloud	safe
http://res.qhupdate.com/wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini%d.%dB:A:downloadpat	0%	Avira URL Cloud	safe
http://w.qhimg.com/images/v2/webapp/class/20110519/tupian.png	0%	Avira URL Cloud	safe
http://p17.qhimg.com/t01786e375a7830d753.png	0%	Avira URL Cloud	safe
http://www.meilishuo.com/users/register	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/	0%	Avira URL Cloud	safe
http://%s/intf.php?	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/	0%	Virustotal		Browse
http://api.t.sina.com.cn/friendships/show.xml	0%	Virustotal		Browse
http://p17.qhimg.com/t01786e375a7830d753.png	0%	Virustotal		Browse
http://login.sina.com.cn/member/getpwd/getpwd0.php?entry=ssoS	0%	Avira URL Cloud	safe
http://www.meilishuo.com/users/register	0%	Virustotal		Browse
http://api.t.sina.com.cn/friendships/create/%s.json?source=%s	0%	Avira URL Cloud	safe
http://w.qhimg.com/images/v2/webapp/class/20110519/tupian.png	0%	Virustotal		Browse
http://api.t.sina.com.cn/friendships/create.xml	0%	Avira URL Cloud	safe
http://desk.score.svc.1360.com/get?qid=%s&sign=%sLoginBallShowCountLoginGuideShowLLoginGuideShowHGui	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/friendships/create/%s.json?source=%s	0%	Virustotal		Browse
http://api.t.sina.com.cn/account/verify_credentials.xml?source=U	0%	Avira URL Cloud	safe
http://www.ifeng.com&fromweb=other&AutoPlay=false	0%	Avira URL Cloud	safe
http://w.qhimg.com/images/v2/webapp/class/20110519/shipin.png	0%	Avira URL Cloud	safe
http://127.0.0.1/%sfilename=resourcesfilesmetalink:/	0%	Virustotal		Browse
http://zhifu.openapi.360.cnMode	0%	Avira URL Cloud	safe
http://api.t.sina.com.cn/account/verify_credentials.xml?source=U	0%	Virustotal		Browse
http://api.t.sina.com.cn/statuses/update.xml	0%	Avira URL Cloud	safe
http://www.360.cn;color=rgb(60	0%	Avira URL Cloud	safe
http://https://DecodePNGimg_reader.dll%s.uiz~mytmpimage_file_%srb	0%	Avira URL Cloud	safe
http://w.qhimg.com/images/v2/webapp/class/20110519/shipin.png	0%	Virustotal		Browse
http://api.t.sina.com.cn/friendships/create.xml	0%	Virustotal		Browse
http://api.t.sina.com.cn/statuses/update.xml	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s.360.cn	171.8.167.89	true	false	high
stat.apc.360safe.com	unknown	unknown	false	high
stat.apc.360.cn	unknown	unknown	false	high
relate.apc.360.cn	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2	false	high
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=1&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=6648	false	high
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=1772	false	high
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=1538	false	high
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29968	false	high
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2	false	high
http://s.360.cn/dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=15343	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://tp3.sinaimg.cn/1751401422/50/5611920854/1	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/bizhi/s.html?action=wpinst&from=1&appver=2.1.0.1026&pid=zhuomian&m=	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/msg.html?type=open&action=runmsg&from=full&detail=run&open_msgbox360ID	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/58/mb_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://static.apc.360.cn/cms/wallpaper_feedback.htmlloopwallpaper.xml&r1=1&action=bizhiEntrance&from	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://static.apc.360.cn/cms/theme/index.htmlMusicIEFrame7	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.ioage.com/web/frame_naverror.html	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/60/horse2_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://w.qhimg.com/images/v2/webapp/class/20110519/tupian.png	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://connect.360.cn/index.php?U	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wan.360.cn/bbs.htmlgame.360.cn&name=http://wan.360.cn/bbs/second.html?g=%shttp://wan.360.cnn	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pstat.p.360.cn/uplog.php0cpsign1md5b3deb21a3401d8e933ddcb45a6c07222	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008DF1000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2489330997.0000000003571000.00000004.00000020.00020000.00000000.sdmp	false		high
http://127.0.0.1/%sfilename=resourcesfilesmetalink:/	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://weibo.com	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.indyproject.org/	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://%s/api.php?	flashApp.exe	false	Avira URL Cloud: safe	low
http://api.t.sina.com.cn/friendships/show.xml	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/0c/ws_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://res.qhupdate.com/wallpaper/index.php?c=WallPaperAloneRelease&a=upgradeini%d.%dB:A:downloadpat	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://p17.qhimg.com/t01786e375a7830d753.png	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://api.t.sina.com.cn/	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://stat.apc.360.cn/stat.html?type=new&action=fencecalendarstate&from=2&fangshi=1	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	false		high
http://bbs.360.cn/5473920.htmlCPictureGridPicker::ScrollTo:	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=new&action=fencecalendarstate&from=2&fangshi=2	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp	false		high
http://dapp.wan.360.cn/360desk/mhxx?scrol=no&height=&r=1328833800D	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008F87000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/8b/sleepy.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/33/camera_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d9/ye_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=new&action=newdetailclick&from=1000&uid=1&pid=	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.weibo.com/2/friendships/show.json	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://static.apc.360.cn/cms/mini/investment.html	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=open&action=bengkuilesorry&deskbanben=%s&deakbanhao=%s&t=%dMoz	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/bizhi/s.html?action=bizhibox&from=2	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.ioage.com/hl/cn/rendermode.htm	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.360.cn/images/webapp/logo1223/menuyouxi.png	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://my.360.com	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	false		high
http://client.apc.360.cn/cms/360dtconf.inid	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/dt/s.htm?pid=%s&fun=%s&act=%d&res=%d&mid=%s&ver=%s&r1=%d&r2=%d	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.meilishuo.com/users/register	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000091AD000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.autoitscript.com/autoit3/J	explorer.exe, 00000014.00000000.2522719212.000000000C860000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000002.2607456987.000000000C860000.00000004.00000001.00020000.00000000.sdmp	false		high
http://%s/intf.php?	flashApp.exe	false	Avira URL Cloud: safe	low
http://seapp.stat.360safe.com/ver.html?name=%s&p=%s&mid=%s&fa=%s&fb=%s&fc=%sU	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://login.sina.com.cn/member/getpwd/getpwd0.php?entry=ssoS	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://spreadsheets.google.com/http://spreadsheets.google.com/https://docs.google.com/http://docs.g	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://api.t.sina.com.cn/friendships/create/%s.json?source=%s	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008B82000.00000004.00000020.00020000.00000000.sdmp, flashApp.exe, flashApp.exe, 00000010.00000003.2483390515.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, flashApp.exe, 00000010.00000002.2487565254.000000006C3F2000.00000002.00000001.01000000.00000011.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.360.cn/ucenter/faq.html	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://intf.zsall.mobilem.360.cn/zsintf/getDownloadUrl?soft_ids=%s&market_id=&appver=%s&uid=%s&pid=%	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/xiaoguanjia/xgj.html%s?action=shutdown&from=%d&appver=	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000968D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://bbs.ioage.com/cn/forum-33-1.html	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/1b/m_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/7e/hei_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://api.t.sina.com.cn/friendships/create.xml	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://stat.apc.360.cn/stat.html?type=new&action=SetAppwallpaper&from=1&fangshi=&appid=&r1=&r2=&r3=&	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://desk.score.svc.1360.com/get?qid=%s&sign=%sLoginBallShowCountLoginGuideShowLLoginGuideShowHGui	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.theworld.cn/client/syncfavsorder.db%s	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://static.apc.360.cn/cms/video/shipinhezi1.html%s	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/f3/k_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://s.360.cn/bizhi/s.html?action=bizhiset&from=0&appver=2.1.0.1026&pid=zhuomian&m=	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://swf.baoku.360.cn/zhuomian/player/v2/douban.zip	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000006926000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.winimage.com/zLibDll-1.2.3rbr	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wallpaper.apc.360.cn	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/c7/no_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://bizhi.360.cn/#360	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://api.t.sina.com.cn/account/verify_credentials.xml?source=U	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.ifeng.com&fromweb=other&AutoPlay=false	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://w.qhimg.com/images/v2/webapp/class/20110519/shipin.png	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.0000000007310000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.000000000730C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2278897310.00000000071F5000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000002.2550425586.0000000002721000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://relate.apc.360.cn/index.php?c=Relate&a=getRelateCate&mid=&count=16&show=1&version=catecidrela	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007AE3000.00000004.00000020.00020000.00000000.sdmp, 360TopbarASS.exe, 00000007.00000000.2447871998.0000000000B08000.00000002.00000001.01000000.0000000A.sdmp, 360TopbarASS.exe, 00000007.00000002.2455079953.0000000000B08000.00000002.00000001.01000000.0000000A.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=open&action=anzhuangyunxing&from=%d&appver=%s&packagever=%s&ui	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040392649.000000000075B000.00000002.00000001.01000000.00000003.sdmp	false		high
http://cdn.apc.360.cn/index.php?c=GameBox&a=detailV2&appid=%dyingyongdianjihttp://stat.apc.360safe.c	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	false		high
http://zhuomian.360.cn/ver2.0	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000832C000.00000004.00000020.00020000.00000000.sdmp, 360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp, 360TopBar.exe	false		high
https://api.weibo.com/2/statuses/upload.json	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.360.cn	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2043012277.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008944000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000823D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000098AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000097C5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000089D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2429591992.000000000B0FF000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2047217526.000000000320E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2608003325.0000000003C54000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000095D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000733B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008EB5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008A90000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008E93000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009B29000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000009348000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000968D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008D81000.00000004.00000020.00020000.00000000.sdmp	false		high
http://weibo.com/%d/fans	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/stat.html?type=new&action=msgremind&from=%d&appid=%s&http://stat.apc.360.cn/s	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/6a/cake.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wallpaper.apc.360.cn/index.php?c=WallPaper&a=getAppsByCategory&cid=%s&start=%d&count=%dhttp:/	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://zhifu.openapi.360.cnMode	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.baidu.com/baidu?word=%us&tn=ichuner_4_pg&ie=utf-8:	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
https://word.office.comon	explorer.exe, 00000014.00000002.2596015892.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2515605568.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://down.360safe.com/setup.exe	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://stat.apc.360.cn/msg.html?type=open&action=zhucechenggong&360DesktopRegisterVerifyCodeDlg	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000006D05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/bc/otm_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/d3/clock_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://swf.baoku.360.cn/gamebox/sorryjump.htmI360AppCenterDataClientTypeTabVisible	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007235000.00000004.00000020.00020000.00000000.sdmp	false		high
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/c2/tooth.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://api.t.sina.com.cn/statuses/update.xml	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://img.t.sinajs.cn/t3/style/images/common/face/ext/normal/7d/sleep_thumb.gif	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007D22000.00000004.00000020.00020000.00000000.sdmp	false		high
http://bizhi.360.cn/uploadwallpaper.html360	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.00000000028C5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pstat.p.360.cn/uplog.phpinfo0cpsign1md5b3deb21a3401d8e933ddcb45a6c07222	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000007503000.00000004.00000020.00020000.00000000.sdmp	false		high
http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeH	360wpappInstaller_zhuomian.exe, 0000000F.00000002.2510103248.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeN	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.00000000096F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000954C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000000.2040411849.0000000000777000.00000008.00000001.01000000.00000003.sdmp, GBInst.exe, 0000000D.00000003.2490485754.0000000003571000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2492077094.0000000003571000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.360.cn;color=rgb(60	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.0000000008673000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://https://DecodePNGimg_reader.dll%s.uiz~mytmpimage_file_%srb	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, 00000000.00000003.2424005358.000000000942E000.00000004.00000020.00020000.00000000.sdmp, GBInst.exe, 0000000D.00000003.2503231467.0000000003571000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
101.198.2.147	unknown	China		55992	QIHOOBeijingQihuTechnologyCompanyLimitedCN	false
171.8.167.89	s.360.cn	China		137687	CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePR	false

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1367834
Start date and time:	2023-12-29 00:33:59 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	39
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
Detection:	MAL
Classification:	mal54.evad.winEXE@27/1337@43/2
EGA Information:	Successful, ratio: 63.6%
HCA Information:	Successful, ratio: 99% Number of executed functions: 144 Number of non-executed functions: 221
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe, StartMenuExperienceHost.exe, TextInputHost.exe, SearchApp.exe
Excluded IPs from analysis (whitelisted): 204.79.197.203
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, r.bing.com, a-0003.a-msedge.net, ctldl.windowsupdate.com, crl.usertrust.com, fe3cr.delivery.mp.microsoft.com, api-msn-com.a-0003.a-msedge.net
Execution Graph export aborted for target SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe, PID 6196 because there are no executed function
Execution Graph export aborted for target regsvr32.exe, PID 3668 because there are no executed function
Execution Graph export aborted for target regsvr32.exe, PID 5256 because there are no executed function
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
00:35:31	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 360Desktop "C:\Program Files (x86)\360\360Desktop\Bin\360Topbar.exe" /autorun
00:35:40	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 360Desktop "C:\Program Files (x86)\360\360Desktop\Bin\360Topbar.exe" /autorun

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
101.198.2.147	http://china.cn	Get hash	malicious	Unknown	Browse
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse
	7YyaK2cB1s.apk	Get hash	malicious	Unknown	Browse
171.8.167.89	http://www.gourmethousemacau.com/	Get hash	malicious	Unknown	Browse	s.360.cn/so/zz.gif?url=http%3A%2F%2Fwww.gourmethousemacau.com%2FIndex.asp&sid=d182b3f28525f2db83acfaaf6e696dba&token=dp1s8a2.bx3efd2n8I5/2m5ofc2.duba
171.8.167.89	instbeta.exe	Get hash	malicious		Browse	s.360.cn/safe/instcomp.htm?soft=1000&status=10&m=4d3b36ce8a9789208f0edb9ce5b72107&from=safebeta_new&vv=10&ver=12.0.0.1061

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s.360.cn	_____NCM______2_10042231.exe	Get hash	malicious	Unknown	Browse	180.163.251.230
	_____NCM______2_10042231.exe	Get hash	malicious	Unknown	Browse	180.163.251.230
	http://www.gourmethousemacau.com/	Get hash	malicious	Unknown	Browse	171.8.167.89
	http://china.cn	Get hash	malicious	Unknown	Browse	101.198.2.147
	Inst7__9510085.exe	Get hash	malicious	Unknown	Browse	180.163.251.231
	A1FsbRkm5m.exe	Get hash	malicious	Unknown	Browse	171.8.167.89
	http://www.360.cn/download/	Get hash	malicious	Unknown	Browse	171.8.167.89
	S38G0o4jF9.exe	Get hash	malicious	Unknown	Browse	171.8.167.89
	https://dl.pconline.com.cn/download/467865.html	Get hash	malicious	Unknown	Browse	171.8.167.89
	instbeta.exe	Get hash	malicious		Browse	171.8.167.89

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
QIHOOBeijingQihuTechnologyCompanyLimitedCN	https://www.az-partners.net/apps/driver-hub/download?ap=28	Get hash	malicious	Unknown	Browse	104.192.108.17
	https://dbrg.wxsckjz.cn/sem/childbd/f17.html?TFT=8&sfrom=206&DTS=1&keyID=0851&bd_vid=11240621751133777397	Get hash	malicious	Unknown	Browse	104.192.110.245
	eOIFF58KfU.elf	Get hash	malicious	Unknown	Browse	101.197.85.238
	scorp.arm.elf	Get hash	malicious	Mirai	Browse	101.199.91.135
	SecuriteInfo.com.Win32.Trojan.Kryptik.HK@susp.11565.26013.exe	Get hash	malicious	Unknown	Browse	104.192.110.226
	7DmcSNdUVT.exe	Get hash	malicious	AsyncRAT, Fabookie, Glupteba, RedLine, SmokeLoader, onlyLogger	Browse	104.192.108.21
	file.exe	Get hash	malicious	AsyncRAT, Babuk, Clipboard Hijacker, Djvu, Fabookie, Glupteba, SmokeLoader	Browse	104.192.108.20
	file.exe	Get hash	malicious	AsyncRAT, Fabookie	Browse	104.192.108.20
	file.exe	Get hash	malicious	Babuk, Djvu, Fabookie, Glupteba, SmokeLoader	Browse	104.192.108.20
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, CryptOne, Djvu, Fabookie, Glupteba, RedLine	Browse	104.192.108.21
	p7b3Lz57YC.exe	Get hash	malicious	Babuk, Clipboard Hijacker, CryptOne, Djvu, Fabookie, Glupteba, RedLine	Browse	104.192.108.17
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Fabookie, Glupteba, SmokeLoader, onlyLogger	Browse	104.192.108.17
	https://www.so.com/link?m=bHHIH9gHiWMt7CT52Mk%2FHVbpA4Q7HLpfa%2Fe58lRjM9C9UVI%2BR7UmsSaIs1wIDRUJSJpxHEWC1%2BYp0sKM%2Fqs2t2rWnaBABhH9Okw2hj0SG5Er8qYCL76sO1Txz1%2BBPXh5CUJd9No6kEqqeY436	Get hash	malicious	Unknown	Browse	104.192.110.226
	9gbFT1d2ha.elf	Get hash	malicious	Mirai	Browse	101.199.91.165
	mi2xF8aaxo.elf	Get hash	malicious	Mirai	Browse	101.198.225.136
	_____NCM______2_10042231.exe	Get hash	malicious	Unknown	Browse	104.192.108.19
	_____NCM______2_10042231.exe	Get hash	malicious	Unknown	Browse	104.192.108.20
	driver-hub-install__28.exe	Get hash	malicious	Unknown	Browse	104.192.108.20
	driver-hub-install__28.exe	Get hash	malicious	Unknown	Browse	104.192.108.20
CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePR	https://dbrg.wxsckjz.cn/sem/childbd/f17.html?TFT=8&sfrom=206&DTS=1&keyID=0851&bd_vid=11240621751133777397	Get hash	malicious	Unknown	Browse	1.194.250.6
	http://www.baidu.com	Get hash	malicious	Unknown	Browse	36.99.50.48
	kpYawcK42x.elf	Get hash	malicious	Mirai	Browse	1.192.193.56
	07diuwMEw4.elf	Get hash	malicious	Mirai, Moobot	Browse	1.192.193.72
	3nvoeHhdPc.elf	Get hash	malicious	Unknown	Browse	1.192.193.74
	arm7.elf	Get hash	malicious	Mirai	Browse	1.192.193.43
	o8YVsZ3s65.elf	Get hash	malicious	Mirai, Moobot	Browse	36.99.213.123
	http://www.gourmethousemacau.com/	Get hash	malicious	Unknown	Browse	171.8.167.89
	omMuSCiQba.elf	Get hash	malicious	Mirai	Browse	1.192.193.56
	MFHHpyEYrt.elf	Get hash	malicious	Mirai	Browse	1.192.193.73
	6bpg019kR3.exe	Get hash	malicious	Unknown	Browse	36.99.50.35
	360#U6d4b#U901f.exe	Get hash	malicious	Unknown	Browse	1.192.136.170
	f_005f4d.exe	Get hash	malicious	Unknown	Browse	36.99.225.35
	SecuriteInfo.com.Linux.Siggen.9999.1427.20017.elf	Get hash	malicious	Mirai	Browse	1.192.193.52
	DRL8J3CIbk.elf	Get hash	malicious	Mirai	Browse	36.99.143.184
	bJhVWLP5lU.elf	Get hash	malicious	Unknown	Browse	1.192.193.62
	skid.mpsl-20220815-1818	Get hash	malicious	Moobot	Browse	36.99.195.71
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse	171.8.167.68
	xaAKuXBlkn.apk	Get hash	malicious	Unknown	Browse	171.8.167.89

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Program Files (x86)\360\360Desktop\360P2SP.dll (copy)	360#U6d4b#U901f.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	271968
Entropy (8bit):	2.7198331920728727
Encrypted:	false
SSDEEP:	1536:xVepfNLvvRB47p+UMXDcOKXYumQN+o5kJAIcPXXvHsnRAvwwCaq:xVahBoMzcOnZ3e0AIcf0nRA9q
MD5:	20E69F7B55EA4F7A48736A19389BD2F9
SHA1:	B104DD43F009AF3AB490C79CA3FCD5BDB7585965
SHA-256:	6C608C5C17969CBFBD43051E860BBA4B9AEDDEDFE57A7310DA37024BA688CBBD
SHA-512:	36627BD215C2AFFD4DEC5E3FFAD5CFB7B44AE7FB2FBA4C582867AB248F88FFD50D1537CA86810CA107CF2A672E8016BF34B71C35EBD396C6A2C48AE66FFDABE1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N...............q.......T.......<.......e.......e..............<.......e...................................<.......................Rich............PE..L...9..N...........!.........0......'........................................0..........................................=...H...........................`...............................................................t............................text...b........................... ..`.rdata........... ..................@..@.data....;... ... ... ..............@...history......`.......@..............@....rsrc...............................@..@.reloc........... ..................@..B........................................................................................................................................................................................................................................

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.4143288879416422
Encrypted:	false
SSDEEP:	384:r/C1fvfbaujwW8ohPERJ0mP/HzuiFfY4lO8k:r/YvfbaujUop+J7P/zuiFfY4lO8
MD5:	66FCD00C42F531862B56F54C63DC570E
SHA1:	1276EF902AFE4545A258AC5268B451AA33D50D2A
SHA-256:	6A174DD0F98B986C7B3DE250CA6E325E003003E36F6C84BAC1948AC246C4ED13
SHA-512:	4500984A3432330EC619C2B601623E7F2396A530C5F515AD3C5928AFBFD952111F146F693608398FC0A2D6DAB3086D1503A98431A9D334022DD8949478114DAF
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.8.2.8.0.1.4.2.2.0.5.9.1.4.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.F.l.a.g.s.=.5.2.4.2.8.8.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.b.0.7.d.4.a.2.-.a.4.b.d.-.4.5.b.c.-.8.f.3.a.-.4.d.b.3.7.2.7.e.d.1.d.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.c.b.1.4.7.2.d.-.a.8.4.1.-.4.e.6.2.-.b.4.c.8.-.a.1.a.e.3.a.a.8.3.c.f.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.E.x.p.l.o.r.e.r...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.X.P.L.O.R.E.R...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.4.0.4.-.0.0.0.1.-.0.0.1.4.-.3.1.9.9.-.3.d.7.f.d.7.3.9.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.9.0.b.0.8.0.e.0.6.5.5.7.2.0.c.a.d.8.c.1.c.a.e.4.b.8.1.9.3.c.9.3.8.2.c.9.a.c.9.2.!.e.x.p.l.o.r.e.r...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.0.2././.1.2././.2.1.:.2.0.:.5.

Process:	C:\Program Files (x86)\360\360Desktop\modules\GBInst.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	724600
Entropy (8bit):	6.515371619339392
Encrypted:	false
SSDEEP:	12288:xnFslNsHuR4pg6uEBj/jRK5nYg2DNfMC+zFXTX94/wo9Tm5KO1f:5FslNsO6yft2JfMjzFXTt4V9To1f
MD5:	640F33B0059ED6EB89AA5133263846D3
SHA1:	F1BC1491BBF6DAEC1FB2B1AA3437BBA4C3D3D0BA
SHA-256:	677C9F6A9DF66F0F086931AD46B28B4C94BFF7A28960B8E9970B84801D633AD8
SHA-512:	14E3A419C0A75B3780903889A0D4921AB7487ECF53272C10042DB4D211D15C226A10CF8C25AA23E143EBFE77C15A7A9D6FAE3BD2F4EAA5A701295A8AA6405313
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........^i..^i..^i..y..._i..v..Vi..@;..[i...&..[i..W...~i..y...Ci..^i..i..W....i..W...*i..W..._i..@;.._i..W..._i..Rich^i..........PE..L......P...........!.....v..........<Y..............................................-.....@.........................pX.......D..,....0..................x....@...S..`................................................................................text...,t.......v.................. ..`.rdata..B............z..............@..@.data...@....`...:...F..............@....rsrc........0......................@..@.reloc...q...@...r..................@..B........................................................................................................................................................................................................................................................................................................

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	111744
Entropy (8bit):	4.01246373231805
Encrypted:	false
SSDEEP:	768:xlr5kJGFj3W0jk0VDYcsmoH40RNWLyIujyHH0PO2kVR1vN/3lFJmyyp13ceWhtil:dkwj1Ycsmoi5htibGCnaGF1Kncmc8a
MD5:	54F68C036160F2F38BB8EB280E6E8CF9
SHA1:	6236043FA9C556651407E764FFE1A7ABF5DC3288
SHA-256:	626535BEF03D0B9238E1C4B2352D42D045B97D41652CD4E267467D2A463EE40E
SHA-512:	EE0B980E400B9A7A632414432FFE058217EB2135A0F367702F17A1A829F49390348234A1FD8BDBDF9945B222D84DE54A0F9E024D261AC02976BE1B6EA67D79F0
Malicious:	false
Preview:	....h... ...............P...............[...x...a..........h...........Y.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................a.l.f.o.n.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u......................(..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>...........................................

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.992113234589977
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe
File size:	22'004'296 bytes
MD5:	aae3eedbdc1b1a99f7c2844f85352692
SHA1:	8025c689f73816e6c275e38002649d91244d6db2
SHA256:	2c1d65f58f07ad391492f0c0b1c335321f7b0d6e9f41218e04404e7b58692ddb
SHA512:	85572587d270bd81180ef6f71bd7ea67ef68e043d2938cf44821efa8f448141f821219fc5f9eef5896c92098e0cb1c49c2a094cf52dae5dc9bfdca0b69f67766
SSDEEP:	393216:MM29LTLRF5Aqahe8A6+M5JnOHz15dDaYqZJRPcVxkbnpIwpmXhd99lEuts:Mn9LBF5AiDzM5OzndDfwJRPUepfmxbot
TLSH:	E9273322BBCAC0BAEBD2233545A99B1F6975F6324B505DCBB3E50B5C4E216C06D36313
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7I.OV'.OV'.OV'.....KV'.F...SV'.Q...JV'.F....V'.F...\V'.h.J.KV'.h.\.hV'.OV&..W'.F....V'.Q...NV'.F...NV'.RichOV'................

Entrypoint:	0x469a9a
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x51947733 [Thu May 16 06:05:39 2013 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	404cf80e26b57b92c5197972a37704a5

Signature Valid:	true
Signature Issuer:	CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	11/03/2013 01:00:00 11/03/2016 00:59:59
Subject Chain	CN=Qihoo 360 Software (Beijing) Company Limited, OU=Tech. Dev. Dept., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Qihoo 360 Software (Beijing) Company Limited, L=Beijing, S=Beijing, C=CN
Version:	3
Thumbprint MD5:	3CA61B8826F65521BFB360E9053FC4F7
Thumbprint SHA-1:	1E5BB77FCB63F26277F95AAE09B852699327A08A
Thumbprint SHA-256:	BF14AC18F94AB836E88591B971FA00AC7A690A22E1354016059FBC12351558C8
Serial:	51BD5D8E45B82A0210F17FE4C5233468

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa3e90	0x190	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xae000	0xec0a0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x14fa798	0x1ab0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x19b000	0x7444	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x8b6f0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x98270	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8b000	0x618	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8912c	0x89200	False	0.5042445305378305	data	6.57735167781926	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8b000	0x1b082	0x1b200	False	0.3235527073732719	data	4.5992220814652605	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa7000	0x69b8	0x3e00	False	0.248046875	data	4.123195216012852	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xae000	0xec0a0	0xec200	False	0.9657505211090525	data	7.960227616232132	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x19b000	0xa2b6	0xa400	False	0.5201505335365854	data	5.496479285816793	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
DLL	0xaebb0	0x5ff01	7-zip archive data, version 0.4	Chinese	China	1.0002468438343755
DLL	0x10eab4	0x341b3	Microsoft Cabinet archive data, Windows 2000/XP setup, 213427 bytes, 1 file, at 0x2c +A "7z.dll", number 1, 12 datablocks, 0x1 compression	Chinese	China	1.0003373518814396
LICENCE	0x142c68	0x1ad8	Unicode text, UTF-16, little-endian text, with CRLF line terminators	Chinese	China	0.539871944121071
OEMDATA	0x144740	0x56	7-zip archive data, version 0.3	Chinese	China	0.9069767441860465
SETUPCONFIG	0x144798	0x2f0a	7-zip archive data, version 0.4	Chinese	China	1.000913469523335
SETUPDATA	0x1476a4	0x18	data	Chinese	China	1.3333333333333333
SETUPPLUGIN	0x1476bc	0x10	data	Chinese	China	0.6875
SKIN	0x1476cc	0x254df	7-zip archive data, version 0.4	Chinese	China	1.0003664945451214
RT_ICON	0x16cbac	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Chinese	China	0.582089552238806
RT_ICON	0x16da54	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Chinese	China	0.730595667870036
RT_ICON	0x16e2fc	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Chinese	China	0.5541907514450867
RT_ICON	0x16e864	0xfda7	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9992145992145992
RT_ICON	0x17e60c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Chinese	China	0.5579875518672199
RT_ICON	0x180bb4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Chinese	China	0.5956848030018762
RT_ICON	0x181c5c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Chinese	China	0.7384751773049646
RT_ICON	0x1820c4	0x10a77	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9740966063182585
RT_ICON	0x192b3c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Chinese	China	0.4276970954356846
RT_ICON	0x1950e4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Chinese	China	0.4896810506566604
RT_ICON	0x19618c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Chinese	China	0.40691489361702127
RT_DIALOG	0x1965f4	0x2c	data	Chinese	China	0.8409090909090909
RT_DIALOG	0x196620	0x350	data	Chinese	China	0.5176886792452831
RT_DIALOG	0x196970	0xdc	data	Chinese	China	0.7227272727272728
RT_DIALOG	0x196a4c	0x1da	data	Chinese	China	0.5780590717299579
RT_DIALOG	0x196c28	0x1ac	data	Chinese	China	0.5677570093457944
RT_DIALOG	0x196dd4	0xde	data	Chinese	China	0.7117117117117117
RT_DIALOG	0x196eb4	0x1ce	data	Chinese	China	0.5735930735930735
RT_DIALOG	0x197084	0x412	data	Chinese	China	0.5239923224568138
RT_DIALOG	0x197498	0x6c	data	Chinese	China	0.75
RT_DIALOG	0x197504	0x152	data	Chinese	China	0.4940828402366864
RT_STRING	0x197658	0x2d8	data	Chinese	China	0.49175824175824173
RT_STRING	0x197930	0x49a	data	Chinese	China	0.6239388794567062
RT_STRING	0x197dcc	0x5a4	data	Chinese	China	0.5706371191135734
RT_STRING	0x198370	0x1aa	data	Chinese	China	0.755868544600939
RT_STRING	0x19851c	0x1d4	data	Chinese	China	0.7243589743589743
RT_STRING	0x1986f0	0x49c	data	Chinese	China	0.4872881355932203
RT_STRING	0x198b8c	0x294	data	Chinese	China	0.7090909090909091
RT_STRING	0x198e20	0x19a	data	Chinese	China	0.8512195121951219
RT_STRING	0x198fbc	0x17e	data	Chinese	China	0.6387434554973822
RT_STRING	0x19913c	0x86	data	Chinese	China	0.7985074626865671
RT_STRING	0x1991c4	0xf4	data	Chinese	China	0.6844262295081968
RT_STRING	0x1992b8	0x68	AmigaOS bitmap font "egSb \220\250`\352\201\361]\204v3", 60255 elements	Chinese	China	0.8076923076923077
RT_STRING	0x199320	0x24	data	Chinese	China	0.4444444444444444
RT_STRING	0x199344	0x56	data	Chinese	China	0.6627906976744186
RT_STRING	0x19939c	0x2c	data	Chinese	China	0.5454545454545454
RT_STRING	0x1993c8	0x128	data	Chinese	China	0.597972972972973
RT_STRING	0x1994f0	0x22	data	Chinese	China	0.38235294117647056
RT_ACCELERATOR	0x199514	0x70	data	Chinese	China	0.6785714285714286
RT_RCDATA	0x199584	0x80	OpenPGP Public Key	English	United States	1.0859375
RT_GROUP_ICON	0x199604	0x68	data	Chinese	China	0.6923076923076923
RT_GROUP_ICON	0x19966c	0x3e	Targa image data - Map 32 x 2679 x 1 +1	Chinese	China	0.8548387096774194
RT_VERSION	0x1996ac	0x5ac	data	Chinese	China	0.3409090909090909
RT_MANIFEST	0x199c58	0x448	ASCII text, with very long lines (612), with CRLF line terminators	English	United States	0.47354014598540145

DLL	Import
KERNEL32.dll	FindFirstFileW, FormatMessageW, CopyFileW, GetVolumeInformationW, OpenProcess, CompareFileTime, SetThreadPriority, GetCurrentThread, SetPriorityClass, GetEnvironmentVariableW, GetSystemInfo, InitializeCriticalSection, DeleteCriticalSection, GetLongPathNameW, lstrcmpiW, CreateMutexW, MultiByteToWideChar, SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, GetCommandLineW, QueryDosDeviceW, GetLogicalDriveStringsW, GetSystemDirectoryW, CreateProcessW, FindAtomW, GlobalAddAtomW, GetTickCount, QueryPerformanceCounter, QueryPerformanceFrequency, CreateFileA, GetTempPathA, GlobalUnlock, GlobalLock, GlobalAlloc, GetPrivateProfileStringW, CreateThread, TerminateProcess, FindResourceExW, GetDiskFreeSpaceExW, LockResource, GetFileTime, ReadProcessMemory, GetFileSizeEx, GetFullPathNameW, GetPrivateProfileIntW, FindClose, FindNextFileW, lstrcpyW, CreateToolhelp32Snapshot, LocalAlloc, LocalFree, GetTempFileNameW, GetFileAttributesW, LoadLibraryW, GetCurrentProcessId, CreateFileW, DeviceIoControl, GlobalFindAtomW, GetVersionExW, CreateDirectoryW, lstrcmpiA, Process32FirstW, WriteConsoleW, GetConsoleOutputCP, WritePrivateProfileStringW, GetDriveTypeA, GetCurrentDirectoryA, FlushFileBuffers, SetStdHandle, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetStringTypeW, GetStringTypeA, GetLocaleInfoA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetConsoleMode, GetConsoleCP, GetModuleHandleA, GetStartupInfoA, SetHandleCount, IsValidCodePage, GetOEMCP, GetModuleFileNameA, HeapCreate, GetCPInfo, LCMapStringW, LCMapStringA, GetStartupInfoW, ExitProcess, ExitThread, RtlUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, SystemTimeToFileTime, LocalFileTimeToFileTime, InitializeCriticalSectionAndSpinCount, GetACP, SetEnvironmentVariableW, TlsFree, TlsAlloc, Process32NextW, WriteFile, GetDriveTypeW, SetLastError, GetCurrentThreadId, GetCurrentProcess, FlushInstructionCache, LeaveCriticalSection, lstrcatW, Sleep, GetLocalTime, GetModuleFileNameW, GetShortPathNameW, MoveFileW, MoveFileExW, DeleteFileW, GetProcAddress, FreeLibrary, SetFileAttributesW, RemoveDirectoryW, GetTempPathW, lstrlenA, OutputDebugStringW, DebugBreak, InterlockedIncrement, lstrlenW, InterlockedDecrement, WaitForSingleObject, CloseHandle, EnterCriticalSection, MulDiv, RaiseException, GetModuleHandleW, CreateEventW, SetEvent, GetLocaleInfoW, GetLastError, ResetEvent, LockFile, GetFileSize, OpenThread, TlsSetValue, TlsGetValue, ReleaseMutex, SetFilePointerEx, GetFileType, lstrcmpA, GetSystemTime, ReadFile, UnlockFile, CreateFileMappingW, GetSystemTimeAsFileTime, HeapSize, HeapReAlloc, HeapDestroy, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, LoadLibraryA, HeapAlloc, GetProcessHeap, HeapFree, InterlockedCompareExchange, GetStdHandle, SetEndOfFile, SetFileTime, GetFileAttributesExW, UnmapViewOfFile, SetFilePointer, WriteConsoleA, WideCharToMultiByte, MapViewOfFile, GetExitCodeProcess
USER32.dll	IsWindow, SendMessageW, CharNextW, CharUpperW, LoadStringW, PostMessageW, FindWindowW, SendMessageTimeoutW, wvsprintfW, EnableWindow, GetDlgItem, IsWindowEnabled, ShowWindow, SetDlgItemTextW, IsWindowVisible, EndDialog, GetWindowLongW, SetWindowTextW, EnumWindows, GetClassNameW, GetWindowThreadProcessId, EmptyClipboard, SetClipboardData, CloseClipboard, SetCursor, PtInRect, OpenClipboard, MessageBoxW, wsprintfW, WaitForInputIdle, DialogBoxParamW, OffsetRect, PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, BringWindowToTop, RegisterClassExW, LoadCursorW, GetClassInfoExW, GetSystemMetrics, LoadImageW, IsIconic, PostQuitMessage, InflateRect, IsDialogMessageW, GetSystemMenu, EnableMenuItem, GetActiveWindow, CharLowerW, EndPaint, BeginPaint, CallWindowProcW, DefWindowProcW, CopyRect, KillTimer, SetTimer, CreateDialogParamW, GetWindowTextLengthW, MessageBeep, SetFocus, RedrawWindow, InvalidateRect, DestroyWindow, CreateWindowExW, FindWindowExW, GetWindowTextW, ReleaseDC, GetDC, SetWindowLongW, GetParent, GetWindow, GetWindowRect, ExitWindowsEx, UnregisterClassA, MonitorFromWindow, GetMonitorInfoW, MapWindowPoints, SetWindowPos, ScreenToClient, GetClientRect, MoveWindow
GDI32.dll	CreateCompatibleDC, DeleteDC, CreateCompatibleBitmap, DeleteObject, BitBlt, SetViewportOrgEx, SelectObject
ADVAPI32.dll	LookupAccountSidW, RegQueryInfoKeyW, RegDeleteValueW, RegDeleteKeyW, RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, GetUserNameW, GetNamedSecurityInfoW, BuildExplicitAccessWithNameW, SetEntriesInAclW, SetNamedSecurityInfoW, GetExplicitEntriesFromAclW, EqualSid, GetTrusteeNameW, DeleteAce, RegOpenKeyExA, LookupAccountNameW, RegOpenKeyW, RegEnumKeyExW, RegCloseKey, RegEnumKeyExA, RegQueryValueExW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegQueryValueExA
SHELL32.dll	ShellExecuteW, ShellExecuteExW, SHCreateDirectoryExW, SHChangeNotify, SHGetSpecialFolderPathW, SHGetSpecialFolderLocation, SHGetMalloc, SHGetFolderPathW, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW
ole32.dll	OleRun, CoInitialize, CoUninitialize, CoCreateGuid, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoTaskMemRealloc
OLEAUT32.dll	VariantClear, SysAllocStringByteLen, SysStringByteLen, VarUI4FromStr, VariantInit, SysStringLen, SysFreeString, SysAllocString
SHLWAPI.dll	SHGetValueA, PathFileExistsW, SHGetValueW, PathCombineW, PathFindFileNameW, SHDeleteValueW, SHDeleteKeyW, PathIsRelativeW, PathAppendW, PathAddBackslashW, PathRemoveFileSpecW, PathIsPrefixW, wnsprintfW, PathRemoveBackslashW, PathAppendA, SHSetValueA, PathFindExtensionW, StrCmpIW, PathIsDirectoryW, PathIsURLW, PathIsNetworkPathW, StrRetToStrW, PathMatchSpecW, PathRemoveExtensionW, SHSetValueW
COMCTL32.dll	InitCommonControlsEx
MSIMG32.dll	AlphaBlend
VERSION.dll	GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
PSAPI.DLL	GetProcessImageFileNameW, EnumProcesses, GetModuleFileNameExW
urlmon.dll	URLDownloadToFileW, URLDownloadToCacheFileW
IPHLPAPI.DLL	GetAdaptersInfo
WININET.dll	InternetGetConnectedState
NETAPI32.dll	Netbios
SETUPAPI.dll	SetupIterateCabinetW
CRYPT32.dll	CryptMsgClose, CertCloseStore, CryptMsgUpdate, CryptMsgOpenToDecode, CertOpenStore, CertGetNameStringW, CertGetCertificateContextProperty
WINTRUST.dll	WTHelperGetProvSignerFromChain, WTHelperProvDataFromStateData

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 29, 2023 00:34:52.424222946 CET	55501	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:34:52.546715975 CET	53	55501	1.1.1.1	192.168.2.5
Dec 29, 2023 00:34:59.393486977 CET	61275	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:34:59.690332890 CET	53	61275	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:07.910032034 CET	61902	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:35:08.108989000 CET	53	61902	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:14.376072884 CET	54722	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:35:14.574985981 CET	53	54722	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:20.866801977 CET	64212	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:35:21.028163910 CET	53	64212	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:27.533402920 CET	58898	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:35:27.694840908 CET	53	58898	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:32.006818056 CET	49718	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:35:32.293349981 CET	53	49718	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:35.271931887 CET	55690	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:35:35.394740105 CET	53	55690	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:35.457041025 CET	56820	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:35:35.581958055 CET	53	56820	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:39.595143080 CET	61467	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:35:40.116090059 CET	53	61467	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:46.100716114 CET	65462	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:35:46.260241985 CET	53	65462	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:54.598541021 CET	63874	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:35:54.938333035 CET	53	63874	1.1.1.1	192.168.2.5
Dec 29, 2023 00:35:55.880462885 CET	61451	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:03.196747065 CET	58657	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:03.358181000 CET	53	58657	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:09.764420033 CET	51141	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:10.109539986 CET	53	51141	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:16.522806883 CET	59708	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:16.557292938 CET	57490	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:16.872802019 CET	53	59708	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:16.891089916 CET	53	57490	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:18.824274063 CET	49972	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:19.174588919 CET	53	49972	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:23.677791119 CET	62648	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:24.048126936 CET	53	62648	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:30.692054987 CET	51272	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:30.853666067 CET	53	51272	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:37.294974089 CET	59680	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:37.329951048 CET	53810	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:37.417396069 CET	53	59680	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:37.528902054 CET	53	53810	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:39.216873884 CET	57680	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:39.585937023 CET	53	57680	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:45.539473057 CET	52638	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:45.661875963 CET	53	52638	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:52.078049898 CET	62474	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:52.365875006 CET	53	62474	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:57.018208981 CET	59351	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:57.140573978 CET	53	59351	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:58.000639915 CET	61969	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:58.122908115 CET	53	61969	1.1.1.1	192.168.2.5
Dec 29, 2023 00:36:58.535912991 CET	60165	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:36:58.889364958 CET	53	60165	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:06.969841957 CET	61521	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:07.091922998 CET	53	61521	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:09.163017035 CET	53580	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:09.481801033 CET	53	53580	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:10.546330929 CET	58727	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:11.051595926 CET	53	58727	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:13.790438890 CET	58009	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:14.097212076 CET	53	58009	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:24.187844992 CET	55988	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:24.309628963 CET	53	55988	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:26.898228884 CET	52913	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:27.058644056 CET	53	52913	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:28.250849962 CET	55930	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:28.595143080 CET	53	55930	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:31.216830015 CET	57219	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:31.338923931 CET	53	57219	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:37.990406990 CET	54930	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:38.112497091 CET	53	54930	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:42.173470020 CET	49262	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:42.202017069 CET	63030	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:42.295922995 CET	53	49262	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:42.556293964 CET	53	63030	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:44.150000095 CET	62774	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:44.549844027 CET	62774	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:44.652440071 CET	53	62774	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:44.672530890 CET	53	62774	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:47.651221991 CET	63081	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:47.773412943 CET	53	63081	1.1.1.1	192.168.2.5
Dec 29, 2023 00:37:55.511190891 CET	58794	53	192.168.2.5	1.1.1.1
Dec 29, 2023 00:37:55.634242058 CET	53	58794	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:34:52.909001112 CET	375	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=1&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=6648 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:34:53.244698048 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:34:53 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:31 GMT Connection: keep-alive ETag: "5bd6a4cf-0" Accept-Ranges: bytes
Dec 29, 2023 00:34:59.390960932 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29968 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:34:59.738418102 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:34:59 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:31 GMT Connection: keep-alive ETag: "5bd6a4cf-0" Accept-Ranges: bytes
Dec 29, 2023 00:35:07.913032055 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24957 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:35:08.248414040 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:08 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:31 GMT Connection: keep-alive ETag: "5bd6a4cf-0" Accept-Ranges: bytes
Dec 29, 2023 00:35:14.374689102 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=13209 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:35:14.710832119 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:14 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:31 GMT Connection: keep-alive ETag: "5bd6a4cf-0" Accept-Ranges: bytes
Dec 29, 2023 00:35:20.866072893 CET	375	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=1772 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:35:21.201472044 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:21 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:31 GMT Connection: keep-alive ETag: "5bd6a4cf-0" Accept-Ranges: bytes
Dec 29, 2023 00:35:27.532919884 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23407 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:35:27.868343115 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:27 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:31 GMT Connection: keep-alive ETag: "5bd6a4cf-0" Accept-Ranges: bytes
Dec 29, 2023 00:35:32.793870926 CET	389	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7933&r3=1280x1024 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:35:33.129270077 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:32 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:31 GMT Connection: keep-alive ETag: "5bd6a4cf-0" Accept-Ranges: bytes
Dec 29, 2023 00:35:35.272314072 CET	381	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=37062&r2=15793 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:35:35.609736919 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:35 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:31 GMT Connection: keep-alive ETag: "5bd6a4cf-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:35:35.920334101 CET	377	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=17067 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:35:36.241269112 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:36 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:09 GMT Connection: keep-alive ETag: "5bd6a405-0" Accept-Ranges: bytes
Dec 29, 2023 00:35:46.099939108 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=18640 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:35:35.930074930 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:35:36.263149977 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:36 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:55 GMT Connection: close ETag: "6295d27b-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:35:37.039297104 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=1&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:35:37.356605053 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:37 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:52 GMT Connection: close ETag: "6295d278-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:35:46.600261927 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=18640 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:35:46.914726019 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:46 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:32 GMT Connection: keep-alive ETag: "5bd6a4d0-0" Accept-Ranges: bytes
Dec 29, 2023 00:35:54.571779966 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=13322 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:35:54.886162996 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:35:54 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:32 GMT Connection: keep-alive ETag: "5bd6a4d0-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:03.198215961 CET	375	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=8772 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:03.512296915 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:03 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:32 GMT Connection: keep-alive ETag: "5bd6a4d0-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:09.766801119 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=30407 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:10.083152056 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:09 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:32 GMT Connection: keep-alive ETag: "5bd6a4d0-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:16.991801977 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=20906 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:17.306067944 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:17 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:32 GMT Connection: keep-alive ETag: "5bd6a4d0-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:17.622956038 CET	952	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23303&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:17.937134027 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:17 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:32 GMT Connection: keep-alive ETag: "5bd6a4d0-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:17.965435982 CET	940	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23303&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:18.279565096 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:18 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:32 GMT Connection: keep-alive ETag: "5bd6a4d0-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:18.328989029 CET	382	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=105189&r2=24629 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:18.643044949 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:18 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:32 GMT Connection: keep-alive ETag: "5bd6a4d0-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:36:17.964256048 CET	864	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23303&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:18.274997950 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:18 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:53 GMT Connection: keep-alive ETag: "5d36b951-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:18.328845024 CET	390	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23355&r3=1280x1024 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:18.639628887 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:18 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:53 GMT Connection: keep-alive ETag: "5d36b951-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:18.641706944 CET	377	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=25445 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:18.952501059 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:18 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:53 GMT Connection: keep-alive ETag: "5d36b951-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:23.677452087 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=10282 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:23.988179922 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:23 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:53 GMT Connection: keep-alive ETag: "5d36b951-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:30.690320969 CET	374	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=474 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:31.002459049 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:30 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:53 GMT Connection: keep-alive ETag: "5d36b951-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:38.131787062 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24763 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:38.442481041 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:38 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:53 GMT Connection: keep-alive ETag: "5d36b951-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:38.458472013 CET	864	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24812&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:38.769887924 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:38 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:53 GMT Connection: keep-alive ETag: "5d36b951-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:38.772625923 CET	940	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24812&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:39.083666086 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:38 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:53 GMT Connection: keep-alive ETag: "5d36b951-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:39.093909979 CET	382	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=152251&r2=26191 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:39.404639006 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:39 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:53 GMT Connection: keep-alive ETag: "5d36b951-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:36:18.690186977 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:36:18.992338896 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:18 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 07:45:56 GMT Connection: close ETag: "6295c7b4-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:36:19.408819914 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:36:19.728250980 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:19 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:33 GMT Connection: close ETag: "6295d265-0" Accept-Ranges: bytes

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Cryptography

Privilege Escalation

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\360\360Desktop\360Common.dll (copy)

C:\Program Files (x86)\360\360Desktop\360P2SP.dll (copy)

C:\Program Files (x86)\360\360Desktop\360Preview.ui (copy)

C:\Program Files (x86)\360\360Desktop\360Preview.xml (copy)

C:\Program Files (x86)\360\360Desktop\360Ver.dll (copy)

C:\Program Files (x86)\360\360Desktop\360dtpreview.exe (copy)

C:\Program Files (x86)\360\360Desktop\360net.dll (copy)

C:\Program Files (x86)\360\360Desktop\360verify.dll (copy)

C:\Program Files (x86)\360\360Desktop\7z.dll

C:\Program Files (x86)\360\360Desktop\Bin\360Apns.dll (copy)

C:\Program Files (x86)\360\360Desktop\Bin\360AppCenter.exe (copy)

C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe (copy)

C:\Program Files (x86)\360\360Desktop\Bin\360DTFence.dll (copy)

C:\Program Files (x86)\360\360Desktop\Bin\360DTNotify.exe (copy)

Windows Analysis Report
SecuriteInfo.com.Trojan.Click2.57467.3204.14689.exe

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:36:38.505110979 CET	952	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24812&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:38.820633888 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:38 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:38.821916103 CET	390	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24865&r3=1280x1024 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:39.137329102 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:38 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:39.139195919 CET	377	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=26498 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:39.454684019 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:39 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:45.538108110 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=16128 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:45.853878975 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:45 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:52.077105045 CET	375	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=4740 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:52.392759085 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:52 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:57.442926884 CET	952	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:57.758431911 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:57 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:57.776842117 CET	864	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:58.092227936 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:57 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:58.098139048 CET	390	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22292&r3=1280x1024 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:58.413696051 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:58 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:58.417661905 CET	377	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=24539 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:58.733025074 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:58 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:58.810522079 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=26734 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:59.126010895 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:58 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:06.967778921 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=20600 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:07.283323050 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:07 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:09.569399118 CET	952	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29120&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:09.884973049 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:09 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:09.923795938 CET	940	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29120&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:10.239078999 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:10 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:10.239940882 CET	382	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=203246&r2=29887 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:10.555207014 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:10 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:36:38.980153084 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:36:39.284059048 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:39 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:21 GMT Connection: close ETag: "6295d259-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:36:39.698844910 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:36:40.019849062 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:39 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:21 GMT Connection: close ETag: "6295d259-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:36:57.777416945 CET	940	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22243&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:58.101587057 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:57 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes
Dec 29, 2023 00:36:58.105714083 CET	382	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=179645&r2=23925 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:36:58.430932999 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:58 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 23 Jul 2019 07:37:50 GMT Connection: keep-alive ETag: "5d36b94e-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:36:58.391282082 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:36:58.694575071 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:36:58 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:55 GMT Connection: close ETag: "6295d27b-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:37:09.892112017 CET	864	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29120&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:10.212546110 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:10 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:08 GMT Connection: keep-alive ETag: "5bd6a404-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:10.222560883 CET	390	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=29172&r3=1280x1024 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:10.542962074 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:10 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:08 GMT Connection: keep-alive ETag: "5bd6a404-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:10.544148922 CET	377	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=30243 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:10.864629984 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:10 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:08 GMT Connection: keep-alive ETag: "5bd6a404-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:13.786082029 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=10129 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:14.106503963 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:13 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:08 GMT Connection: keep-alive ETag: "5bd6a404-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:37:10.544284105 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=0&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:37:10.865390062 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:10 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:52 GMT Connection: close ETag: "6295d278-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:37:11.341151953 CET	180	OUT	GET /bizhi/s.html?action=wpinst&from=2&appver=2.1.0.1026&pid=zhuomian&m=59cd53708ed730f0ef42bb01f668d936 HTTP/1.0 Host: s.360.cn User-Agent: NSISDL/1.2 (Mozilla) Accept: /
Dec 29, 2023 00:37:11.643367052 CET	235	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:11 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Tue, 31 May 2022 08:31:45 GMT Connection: close ETag: "6295d271-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:37:24.500675917 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=11343 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:24.812469959 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:24 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:27.286772013 CET	952	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21446&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:27.599111080 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:27 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:27.611183882 CET	864	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21446&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:27.923193932 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:27 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:27.926593065 CET	390	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21499&r3=1280x1024 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:28.239698887 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:28 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:28.240330935 CET	377	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22619 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:28.552372932 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:28 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:31.216882944 CET	375	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=1538 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:31.529124022 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:31 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:37.990012884 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=23630 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:38.302226067 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:38 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:43.052628040 CET	951	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7343&ext=defaultskin.zip_3\|SwitchBarCloud.xml_3\|360seNotify.RS_2\|360AppCenter.EXE_2\|360AppCore.EXE_2\|360Desktop.EXE_2\|360DesktopSwitch.EXE_2\|360DesktopSwitch64.EXE_2\|360DTNotify.EXE_2\|360dtpreview.EXE_2\|360FeedBack.EXE_2\|360GameBox.EXE_2\|360GbApp.EXE_2\|360Inst.EXE_2\|360mwapp.EXE_2\|360seNotify.EXE_2\|360TopBar.EXE_2\|360TopbarASS.EXE_2\|360wapp.EXE_2\|360weibo.EXE_2\|360wpappInstaller_zhuomian.EXE_2\|CatchScreenTray.EXE_2\|desktoptool.EXE_2\|DTCrashReport.EXE_2\|dtfilm.EXE_2\|DTQuickInstProxy.EXE_2\|dtwebbrowser.EXE_2\|DumpReport.EXE_2\|flashApp.EXE_2\|GBInst.EXE_2\|ImportFavHelper.EXE_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:43.364913940 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:43 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:43.411056995 CET	863	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7343&ext=dtswitcher.DLL_2\|dtswitcher64.DLL_2\|dtwebframe.DLL_2\|ExtNetIncrement.DLL_2\|GameBox.DLL_2\|GameBoxCore.DLL_2\|img_reader.DLL_2\|LiveUpd360.DLL_2\|MsgBox.DLL_2\|NotifyDown.DLL_2\|PDown.DLL_2\|RegularShutdown.DLL_2\|Safelive.DLL_2\|Shell360dt.DLL_2\|Shell360dt64.DLL_2\|SMWebProxydt.DLL_2\|SoftMgrLiteBase.DLL_2\|somcoredt.DLL_2\|somkernldt.DLL_2\|somQuickInstdt.DLL_2\|SomSoftMgrdt.DLL_2\|sqlite3.DLL_2\|UiFeature360Control.DLL_2\|UiFeatureKernel.DLL_2\|UiPluginCake.DLL_2\|urlproc.DLL_2\|urlprocnet.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:43.723146915 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:43 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:43.731295109 CET	389	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=10&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=7395&r3=1280x1024 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:44.043236017 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:43 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:44.056545973 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=11&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=9384 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:44.368494987 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:44 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:47.651221037 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=22394 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:47.963289976 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:47 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:55.510549068 CET	376	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=2&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=15343 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:55.822606087 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:55 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:09:19 GMT Connection: keep-alive ETag: "5bd6a40f-0" Accept-Ranges: bytes

Timestamp	Bytes transferred	Direction	Data
Dec 29, 2023 00:37:27.609848976 CET	940	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=810&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=0&r2=21446&ext=LiveUpdate360.EXE_2\|MusicIEFrame.EXE_2\|oauthlogin.EXE_2\|RegSMWebProxy.EXE_2\|SetupUtilDT.EXE_2\|Uninstall.EXE_2\|UpdateTool.EXE_2\|360Apns.DLL_2\|360Common.DLL_2\|360DesktopAssistant.DLL_2\|360DesktopMenu.DLL_2\|360DesktopUi.DLL_2\|360DTFence.DLL_2\|360DTSwitchBar.DLL_2\|360Login.DLL_2\|360MsgPushCore.DLL_2\|360net.DLL_2\|360NetUL.DLL_2\|360P2SP.DLL_2\|360Ver.DLL_2\|360verify.DLL_2\|360ZMUDetail.DLL_2\|AppCenterCore.DLL_2\|AppcenterData.DLL_2\|AppcenterDataGb.DLL_2\|AppUpdate.DLL_2\|BizPluginCake.DLL_2\|BoxUI.DLL_2\|CloudTaskCenter_naive.DLL_2\|dtappcore.DLL_2\|DTShutdown.DLL_2 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:27.926127911 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:27 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:27 GMT Connection: keep-alive ETag: "5bd6a4cb-0" Accept-Ranges: bytes
Dec 29, 2023 00:37:27.929008007 CET	382	OUT	GET /dt/s.htm?pid=h_home&fun=inst&act=1000&res=13&mid=59cd53708ed730f0ef42bb01f668d936&ver=2.6.0.1110&r1=228113&r2=22263 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: s.360.cn Connection: Keep-Alive
Dec 29, 2023 00:37:28.246242046 CET	240	IN	HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Thu, 28 Dec 2023 23:37:28 GMT Content-Type: text/html Content-Length: 0 Last-Modified: Mon, 29 Oct 2018 06:12:27 GMT Connection: keep-alive ETag: "5bd6a4cb-0" Accept-Ranges: bytes