Technical Information
Artifacts recorded for this sample: autorun registry entries, a Startup-folder shortcut, three kernel-driver services, files written under %TEMP%\vaa29he and %WINDIR%\Downloaded Program Files\searchnet, file renames, a window search, and the commands the sample executed (the first process list is marked "with hidden window", the second repeats the same commands without that marker). The <HKLM>, <SYSTEM32>, <DRIVERS>, %WINDIR% and %TEMP% tokens are the report's normalization of concrete paths; "Downlo~1" is the 8.3 short name of "Downloaded Program Files" (compare the SrvNet32.dll entries that appear under both spellings). The Wow6432Node keys and the syswow64 binaries show the sample ran as a 32-bit process on 64-bit Windows.
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'ilmc6dhl' = 'RunDll32 "%WINDIR%\Downlo~1\ilmc6dhl.dll",Run'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdnup.exe] 'Debugger' = '<SYSTEM32>\rundll32.exe'
  Note: an Image File Execution Options "Debugger" hijack. Windows launches the named Debugger instead of any image called cdnup.exe (with cdnup.exe's own command line appended), so cdnup.exe is silently prevented from ever running; rundll32.exe serves only as a sink. Read together with the regsvr32 /u and cacls commands against CNNIC\Cdn further down, this is the sample disabling a competing CNNIC/Cdn component.
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'SearchNet_Up' = '%WINDIR%\Downlo~1\SearchNet\ServeUp.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'CdnCtr' = ''
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'CnsMin' = ''
  Note: these two Run values are written empty rather than deleted. Alongside the IFEO entry for cdnup.exe and the CNNIC\Cdn unregistration below, this looks like the sample neutralizing another product's autorun entries rather than adding its own; the values they previously held are not recorded in this report.
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'SrvNet32' = 'RunDll32 "%WINDIR%\Downlo~1\SearchNet\SrvNet32.dll",Run'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- %APPDATA%\microsoft\windows\start menu\programs\startup\µøö·à ¸ëñë÷.lnk
  Note: the shortcut's file name is mis-encoded in this report (the original is non-ASCII, probably a CJK name rendered in the wrong code page) and cannot be recovered from the text shown; hunt on the per-user Startup-folder location and the .lnk extension rather than on the name. The shortcut's target is not recorded here.
- [<HKLM>\System\CurrentControlSet\Services\faks] 'ImagePath' = '<DRIVERS>\faks.sys'
- [<HKLM>\System\CurrentControlSet\Services\FAD] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\FAD] 'ImagePath' = 'system32\DRIVERS\FAD.sys'
- [<HKLM>\System\CurrentControlSet\Services\Anfad] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\Anfad] 'ImagePath' = 'system32\drivers\Anfad.sys'
- 'faks' <DRIVERS>\faks.sys
- 'FAD' system32\DRIVERS\FAD.sys
- 'Anfad' system32\drivers\Anfad.sys
  Note: three kernel-mode driver services (faks, FAD, Anfad). Start = 1 is SERVICE_SYSTEM_START, i.e. loaded by the kernel early in boot, before any user logs on. The ImagePath values point at system32\drivers, but the file list below records the dropped copies at %WINDIR%\syswow64\drivers\ — consistent with a 32-bit installer whose writes were redirected by WOW64 file-system redirection. On this 64-bit host the service paths may therefore not resolve to the dropped files; whether the drivers actually loaded is not shown in this report, and on 32-bit Windows the same installer would land them in the real drivers directory. Treat the service names and both drivers\ paths as the indicators to hunt for.
- Handler for all processes: %WINDIR%\Downloaded Program Files\searchnet\srvnet32.dll
  Note: the report's wording indicates srvnet32.dll is installed as a handler that runs inside every process (a system-wide hook or similar injection mechanism; the exact API is not captured here). The same DLL is also started directly via RunDll32 "...\SrvNet32.dll",Run from the SrvNet32 autorun entry, so it persists both as an autorun and as an in-process component, and an in-memory DLL listing across processes is the quickest way to confirm it.
- %TEMP%\vaa29he\setup.tmp
- %TEMP%\vaa29he\uninstall.exe.tmp
- %TEMP%\vaa29he\uninstall.exe
- %TEMP%\vaa29he\_uninstall
- %TEMP%\vaa29he\faks.sys
- %WINDIR%\syswow64\drivers\faks.sys
- %TEMP%\temp3
- %WINDIR%\syswow64\servehost.dat
- %WINDIR%\Downloaded Program Files\faks.dll
- %WINDIR%\Downloaded Program Files\searchnet\allverx.dat
- %WINDIR%\syswow64\drivers\fad.sys
- %WINDIR%\Downloaded Program Files\searchnet\anfad.sys
- %WINDIR%\Downloaded Program Files\searchnet\fad.inf
- %WINDIR%\Downloaded Program Files\searchnet\fad.sys
- %WINDIR%\Downloaded Program Files\searchnet\serveup.exe
- %WINDIR%\Downloaded Program Files\searchnet\snhpr.dll
- %WINDIR%\Downloaded Program Files\searchnet\srvnet32.dll
- %WINDIR%\Downloaded Program Files\searchnet\uninstall.exe
- %WINDIR%\Downloaded Program Files\searchnet\_uninstall
- %TEMP%\vaa29he\srvnet32.dll.zgx
- %WINDIR%\Downloaded Program Files\ilmc6dhl.dll
- %TEMP%\vaa29he\srvnet32.dll.zgx.tmp
- %TEMP%\vaa29he\temp3.tmp
- %TEMP%\vaa29he\anfad.sys.tmp
- %TEMP%\vaa29he\anfad.sys
- %TEMP%\vaa29he\fad.inf.tmp
- %TEMP%\vaa29he\fad.inf
- %TEMP%\vaa29he\fad.sys.tmp
- %TEMP%\vaa29he\fad.sys
- %TEMP%\vaa29he\kc3q.tmp
- %TEMP%\vaa29he\kc3q
- %TEMP%\vaa29he\temp3
- %TEMP%\vaa29he\snhpr.dll.zgx.tmp
- %TEMP%\vaa29he\allverx.dat.tmp
- %TEMP%\vaa29he\allverx.dat
- %TEMP%\vaa29he\gladiator.dll.zgx.tmp
- %TEMP%\vaa29he\gladiator.dll.zgx
- %TEMP%\vaa29he\iehpr.dll.zgx.tmp
- %TEMP%\vaa29he\iehpr.dll.zgx
- %TEMP%\vaa29he\serveup.exe.tmp
- %TEMP%\vaa29he\serveup.exe
- %TEMP%\vaa29he\snhpr.dll.zgx
- %WINDIR%\syswow64\drivers\anfad.sys
- %TEMP%\vaa29he\anfad.sys.tmp
- %WINDIR%\Downloaded Program Files\searchnet\fad.sys
- %WINDIR%\Downloaded Program Files\searchnet\_uninstall
- %WINDIR%\Downloaded Program Files\searchnet\allverx.dat
- %TEMP%\vaa29he\_uninstall
- %TEMP%\vaa29he\uninstall.exe
- %TEMP%\vaa29he\srvnet32.dll
- %TEMP%\vaa29he\snhpr.dll
- %TEMP%\vaa29he\serveup.exe
- %TEMP%\vaa29he\fad.sys
- %TEMP%\vaa29he\fad.inf
- %TEMP%\vaa29he\anfad.sys
- %TEMP%\vaa29he\allverx.dat
- %TEMP%\vaa29he\gladiator.dll
- %TEMP%\vaa29he\iehpr.dll
- %WINDIR%\Downloaded Program Files\searchnet\fad.inf
- %TEMP%\vaa29he\temp3
- %TEMP%\vaa29he\faks.sys
- %TEMP%\vaa29he\kc3q
- %TEMP%\vaa29he\setup.tmp
- %TEMP%\vaa29he\uninstall.exe.tmp
- %TEMP%\vaa29he\srvnet32.dll.zgx.tmp
- %TEMP%\vaa29he\snhpr.dll.zgx.tmp
- %TEMP%\vaa29he\serveup.exe.tmp
- %TEMP%\vaa29he\iehpr.dll.zgx.tmp
- %TEMP%\vaa29he\gladiator.dll.zgx.tmp
- %TEMP%\vaa29he\allverx.dat.tmp
- %TEMP%\vaa29he\temp3.tmp
- %TEMP%\vaa29he\kc3q.tmp
- %TEMP%\vaa29he\fad.sys.tmp
- %TEMP%\vaa29he\fad.inf.tmp
- %WINDIR%\syswow64\drivers\faks.sys
- %WINDIR%\Downloaded Program Files\searchnet\anfad.sys
- from %TEMP%\vaa29he\gladiator.dll.zgx to %TEMP%\vaa29he\gladiator.dll
- from %TEMP%\vaa29he\iehpr.dll.zgx to %TEMP%\vaa29he\iehpr.dll
- from %TEMP%\vaa29he\snhpr.dll.zgx to %TEMP%\vaa29he\snhpr.dll
- from %TEMP%\vaa29he\srvnet32.dll.zgx to %TEMP%\vaa29he\srvnet32.dll
- %LOCALAPPDATA%\microsoft\windows\explorer\explorerstartuplog_runonce.etl
  Note: this is Explorer's own startup/RunOnce ETW trace log, most likely touched as a side effect of the GrpConv RunOnce entry and the runonce.exe -r execution recorded in this report. It is a normal Windows artifact, not a file dropped by the sample, and should not be used as an indicator on its own.
- ClassName: 'RegEdit_RegEdit' WindowName: ''
  Note: the sample searches for a top-level window of class RegEdit_RegEdit, i.e. Registry Editor's main window. What it does on a hit is not recorded; checking for (or closing) regedit is a common way for this kind of software to hinder manual inspection or removal of the autorun keys it writes.
- '%WINDIR%\Downloaded Program Files\searchnet\serveup.exe'
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ProgramFiles(x86)%\SearchNet\SNHpr.dll"' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' setupapi,InstallHinfSection DefaultInstall 132 .\fad.inf' (with hidden window)
  Note: installs the [DefaultInstall] section of fad.inf through SetupAPI — presumably how the FAD/Anfad driver services listed above are created. The INF is given by a relative path, so which copy is used depends on the working directory at that moment (fad.inf was written to both %TEMP%\vaa29he and ...\searchnet). Mode 132 (128 + 4) is the usual "take source files from the INF's own directory, do not reboot" combination.
- '%WINDIR%\syswow64\regsvr32.exe' /s "%WINDIR%\Downlo~1\SearchNet\SNHpr.dll"' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "<SYSTEM32>\cdnns.dll"' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ProgramFiles(x86)%\CNNIC\Cdn\wmhlpr.dll"' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\Downlo~1\SearchNet\SrvNet32.dll",Run' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "<SYSTEM32>\cdn.dll"' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ProgramFiles(x86)%\CNNIC\Cdn\iesrch.dll"' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ProgramFiles(x86)%\CNNIC\Cdn\cdnforie.dll"' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\Downlo~1\ilmc6dhl.dll",Run' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /s "%WINDIR%\Downlo~1\faks.dll"' (with hidden window)
- '%WINDIR%\syswow64\regedit.exe' /s "%TEMP%\temp3"' (with hidden window)
  Note: regedit /s silently imports a registration (.reg) file. Its contents are not shown in this report (both %TEMP%\temp3 and %TEMP%\vaa29he\temp3 appear in the file list), so some of the registry values listed at the top may originate from this import rather than from direct API calls. Recover %TEMP%\temp3 during forensics to see the full set of keys it writes.
- '%WINDIR%\syswow64\cacls.exe' "%ProgramFiles%\HuaCi" /T /E /P "everyone":f' (with hidden window)
- '%WINDIR%\syswow64\cacls.exe' "%WINDIR%\Downlo~1\SearchNet" /T /E /P "everyone":f' (with hidden window)
- '%WINDIR%\syswow64\cacls.exe' "%ProgramFiles(x86)%\CNNIC\Cdn" /T /E /D "everyone"' (with hidden window)
  Note: three ACL changes via cacls. The first two edit the existing ACL (/E) recursively (/T) to grant Everyone Full Control (/P everyone:f) on the HuaCi and SearchNet directories — the autorun binaries and drivers persisted there become writable by any local user, a tampering/privilege-escalation hazard on top of the adware behaviour itself. The third adds a Deny-Everyone entry (/D) on CNNIC\Cdn, blocking that product's files from being read or executed. Restoring these ACLs is part of remediation; the cdn.dll / cdnns.dll / CNNIC\Cdn\*.dll regsvr32 /u commands nearby complete the sample's removal of the CNNIC component.
- '%WINDIR%\syswow64\regsvr32.exe' /u /s %WINDIR%\Downlo~1\' (with hidden window)
  Note: this command names a directory rather than a DLL (a file name appears to be missing from the installer's command line), so regsvr32 cannot load anything and, because of /s, fails without any visible error. It is effectively a no-op, but the odd command line is a usable artifact in process-creation logs.
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ProgramFiles(x86)%\CNNIC\Cdn\cdniehlp.dll"' (with hidden window)
- '%WINDIR%\Downloaded Program Files\searchnet\serveup.exe' ' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ProgramFiles(x86)%\SearchNet\SNHpr.dll"
- '%WINDIR%\syswow64\rundll32.exe' setupapi,InstallHinfSection DefaultInstall 132 .\fad.inf
- '%WINDIR%\syswow64\regsvr32.exe' /s "%WINDIR%\Downlo~1\SearchNet\SNHpr.dll"
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "<SYSTEM32>\cdnns.dll"
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ProgramFiles(x86)%\CNNIC\Cdn\wmhlpr.dll"
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\Downlo~1\SearchNet\SrvNet32.dll",Run
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "<SYSTEM32>\cdn.dll"
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ProgramFiles(x86)%\CNNIC\Cdn\iesrch.dll"
- '%WINDIR%\syswow64\runonce.exe' -r
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ProgramFiles(x86)%\CNNIC\Cdn\cdnforie.dll"
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\Downlo~1\ilmc6dhl.dll",Run
- '%WINDIR%\syswow64\regsvr32.exe' /s "%WINDIR%\Downlo~1\faks.dll"
- '%WINDIR%\syswow64\regedit.exe' /s "%TEMP%\temp3"
- '%WINDIR%\syswow64\cacls.exe' "%ProgramFiles%\HuaCi" /T /E /P "everyone":f
- '%WINDIR%\syswow64\cacls.exe' "%WINDIR%\Downlo~1\SearchNet" /T /E /P "everyone":f
- '%WINDIR%\syswow64\cacls.exe' "%ProgramFiles(x86)%\CNNIC\Cdn" /T /E /D "everyone"
- '%WINDIR%\syswow64\regsvr32.exe' /u /s %WINDIR%\Downlo~1\
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ProgramFiles(x86)%\CNNIC\Cdn\cdniehlp.dll"
- '%WINDIR%\syswow64\grpconv.exe' -o