Technical Information
Modifies file system
Creates the following files
- %TEMP%\7za.dll
- %LOCALAPPDATA%\theworld6\user data\default\shortcuts
- %LOCALAPPDATA%\theworld6\user data\default\secure preferences
- %LOCALAPPDATA%\theworld6\user data\default\quotamanager
- %LOCALAPPDATA%\theworld6\user data\default\preferences
- %LOCALAPPDATA%\theworld6\user data\default\history
- %LOCALAPPDATA%\theworld6\user data\default\bookmarks
- %LOCALAPPDATA%\tencent\qqbrowser\user data\default\web data
- %LOCALAPPDATA%\tencent\qqbrowser\user data\default\top sites
- %LOCALAPPDATA%\tencent\qqbrowser\user data\default\shortcuts
- %LOCALAPPDATA%\tencent\qqbrowser\user data\default\secure preferences
- %LOCALAPPDATA%\theworld6\user data\default\top sites
- %LOCALAPPDATA%\tencent\qqbrowser\user data\default\preferences
- %LOCALAPPDATA%\tencent\qqbrowser\user data\default\bookmarks
- %LOCALAPPDATA%\google\chrome\user data\default\bookmarks
- %LOCALAPPDATA%\360chrome\chrome\user data\default\local storage\leveldb\manifest-000001
- %LOCALAPPDATA%\360chrome\chrome\user data\default\local storage\leveldb\log.old
- %LOCALAPPDATA%\360chrome\chrome\user data\default\local storage\leveldb\log
- %LOCALAPPDATA%\360chrome\chrome\user data\default\local storage\leveldb\current
- %LOCALAPPDATA%\360chrome\chrome\user data\default\local storage\leveldb\000012.ldb
- %LOCALAPPDATA%\360chrome\chrome\user data\default\local storage\leveldb\000011.log
- %LOCALAPPDATA%\360chrome\chrome\user data\default\local storage\leveldb\000009.ldb
- %LOCALAPPDATA%\360chrome\chrome\user data\default\local storage\leveldb\000007.ldb
- %LOCALAPPDATA%\tencent\qqbrowser\user data\default\config bookmarks
- %LOCALAPPDATA%\liebao\user data\default\quotamanager
- %HOMEPATH%\favorites\links\à ïã«ìò¹ùГГё.url
- %LOCALAPPDATA%\ucbrowser\user data\default\bookmarks
- %HOMEPATH%\favorites\links\Гøö·µ¼º½.url
- %HOMEPATH%\favorites\links\°ù¶èëñë÷.url
- %HOMEPATH%\favorites\links\èèµãðâîå.url
- %HOMEPATH%\favorites\links\óîï·óéà ö.url
- %HOMEPATH%\favorites\links\ìô±¦ГГё.url
- %HOMEPATH%\favorites\links\ììã¨.url
- %HOMEPATH%\favorites\links\¾©¶«¹ºîï.url
- %TEMP%\nsod9ba.tmp\system.dll
- %LOCALAPPDATA%\liebao\user data\default\usertyped
- %LOCALAPPDATA%\liebao\user data\default\web data
- %LOCALAPPDATA%\360chrome\chrome\user data\default\local storage\leveldb\000005.ldb
- %LOCALAPPDATA%\liebao\user data\default\top sites
- %LOCALAPPDATA%\liebao\user data\default\preferences
- %LOCALAPPDATA%\liebao\user data\default\login data
- %LOCALAPPDATA%\liebao\user data\default\bookmarks
- %LOCALAPPDATA%\ucbrowser\user data\default\web data.67
- %LOCALAPPDATA%\ucbrowser\user data\default\top sites.3
- %LOCALAPPDATA%\ucbrowser\user data\default\secure preferences
- %LOCALAPPDATA%\ucbrowser\user data\default\retailer
- %LOCALAPPDATA%\ucbrowser\user data\default\quotamanager.5
- %LOCALAPPDATA%\ucbrowser\user data\default\preferences
- %LOCALAPPDATA%\ucbrowser\user data\default\omnibox
- %LOCALAPPDATA%\theworld6\user data\default\web data
- %LOCALAPPDATA%\ucbrowser\user data\local state
- %LOCALAPPDATA%\360chrome\chrome\user data\default\local storage\leveldb\000003.log
- %APPDATA%\baidu\baidubrowser\user_data\default\settings\settings.db
- %APPDATA%\baidu\baidubrowser\user_data\default\data_misc\data_misc.db
- %APPDATA%\baidu\baidubrowser\user_data\default\bookmark\bookmark.db.bak
- %APPDATA%\baidu\baidubrowser\user_data\default\bookmark\bookmark.db
- %APPDATA%\baidu\baidubrowser\user_data\default\blank_tab\new_tab.db
- %APPDATA%\baidu\baidubrowser\user_data\default\ad_block\ad_block.db
- %APPDATA%\baidu\baidubrowser\rpt.dat
- %APPDATA%\360se6\user data\default\local storage\chrome_newtab_0.localstorage
- %APPDATA%\360se6\user data\default\web data
- %APPDATA%\360se6\user data\default\top sites
- %APPDATA%\360se6\user data\default\quotamanager
- %APPDATA%\baidu\baidubrowser\user_data\default\plugin_setting\plugin_setting.db
- %APPDATA%\360se6\user data\default\preferences
- %APPDATA%\360se6\user data\default\bookmarks
- %TEMP%\nsrd544.tmp
- %TEMP%\d35f.tmp
- %ProgramFiles(x86)%\360\360safe\softmgr\somextrainfo.ini
- %ProgramFiles(x86)%\360\360safe\deepscan\speedmem2.hg
- %ProgramFiles(x86)%\360\360sd\sl2plugin.db
- %ProgramFiles(x86)%\360\360sd\sl2.db
- %ProgramFiles(x86)%\360\360safe\ipc\kpuaf.dat
- %ProgramFiles(x86)%\360\360safe\360ss2.dat
- %TEMP%\360safe.dll
- %APPDATA%\360se6\user data\default\history
- %APPDATA%\sogouexplorer\favicon\favoricon.db
- %LOCALAPPDATA%\360chrome\chrome\user data\default\top sites
- %APPDATA%\baidu\baidubrowser\user_data\default\settings\user_setting.db
- %LOCALAPPDATA%\360chrome\chrome\user data\default\secure preferences
- %LOCALAPPDATA%\360chrome\chrome\user data\default\quotamanager
- %LOCALAPPDATA%\360chrome\chrome\user data\default\preferences
- %LOCALAPPDATA%\360chrome\chrome\user data\default\history
- %LOCALAPPDATA%\360chrome\chrome\user data\default\bookmarks
- %LOCALAPPDATA%\2345explorer\user data\default\page_file.dat
- %LOCALAPPDATA%\2345explorer\user data\default\web datav3
- %LOCALAPPDATA%\2345explorer\user data\default\top sites
- %LOCALAPPDATA%\2345explorer\user data\default\secure preferences
- %LOCALAPPDATA%\2345explorer\user data\default\preferencesv2
- %LOCALAPPDATA%\360chrome\chrome\user data\default\web data
- %LOCALAPPDATA%\2345explorer\user data\default\bookmarks
- %APPDATA%\sogouexplorer\favorite3mob.dat
- %APPDATA%\sogouexplorer\favorite3.dat
- %APPDATA%\sogouexplorer\config.xml
- %APPDATA%\sogouexplorer\commcfg.xml
- %APPDATA%\sogouexplorer\misc.db
- %APPDATA%\sogouexplorer\historyurl3.db
- %APPDATA%\mozilla\firefox\profiles\default\xulstore.json
- %APPDATA%\mozilla\firefox\profiles\default\prefs.js
- %APPDATA%\mozilla\firefox\profiles\default\places.sqlite
- %APPDATA%\baidu\baidubrowser\user_data\default\suggestion\suggestion.db
- %APPDATA%\baidu\baidubrowser\user_data\default\render_info\web_compatability2.db
- %HOMEPATH%\favorites\links\»æà úГГё.url
Deletes the following files
- %TEMP%\7za.dll
- %TEMP%\360safe.dll
- %TEMP%\nsod9ba.tmp\system.dll
- %TEMP%\d35f.tmp
Moves the following files
- from <Full path to file> to %TEMP%\e821.tmp
Deletes itself.
Miscellaneous
Creates and executes the following
- '%TEMP%\7za.dll' x "%TEMP%\360Safe.dll" -o"%ProgramFiles(x86)%\360" -r -y
- '%TEMP%\d35f.tmp'
- '<Full path to file>' ' (with hidden window)
- '%TEMP%\7za.dll' x "%TEMP%\360Safe.dll" -o"%ProgramFiles(x86)%\360" -r -y' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C WMIC BIOS get Manufacturer' (with hidden window)
- '%TEMP%\d35f.tmp' ' (with hidden window)
Executes the following
- '<SYSTEM32>\cmd.exe' /C WMIC BIOS get Manufacturer
- '<SYSTEM32>\wbem\wmic.exe' BIOS get Manufacturer
