Technical Information (sandbox execution trace, listed in the order the report emits it: service registration, launched processes with their command lines, an Internet Settings change, files created, files renamed ("from … to …"), DNS lookups, and window-class lookups; the `#` characters in URLs and hostnames are report-side redaction, not part of the observed strings)
- [<HKLM>\SYSTEM\ControlSet001\services\ImageOpt] 'Start' = '00000002' (SERVICE_AUTO_START: the "ImageOpt" service is started by the Service Control Manager at boot — a persistence mechanism; the service's ImagePath is not shown here, but the `<SYSTEM32>\JeepImage.sys` driver listed under created files is presumably its image — confirm from the ImagePath/Type values)
- '%TEMP%\GLJE4B4.tmp' %PROGRAM_FILES%\ymLevel2_Taste\Coder2.dll
- '%TEMP%\a989\setup3029.exe'
- '%TEMP%\GLJE4B4.tmp' %PROGRAM_FILES%\ymLevel2_Taste\DownLoad.dll
- '%TEMP%\GLJE4B4.tmp' %PROGRAM_FILES%\ymLevel2_Taste\UnzipDll.dll
- '%TEMP%\GLJE4B4.tmp' %PROGRAM_FILES%\ymLevel2_Taste\MFC71.dll
- '%TEMP%\a989\winRun.exe'
- '<SYSTEM32>\gins.exe' /p-90911/s-9782/leoaedo (an executable dropped directly into System32 and launched; the `/p-…/s-…` arguments look like campaign/affiliate identifiers, which is an inference from their shape, not something this trace establishes)
- '%TEMP%\a989\LavaGame_2.2_2051.exe'
- '%TEMP%\GLBE37B.tmp' 4736 %TEMP%\a989\WL0421~1.EXE
- '%TEMP%\a989\wl0421290.EXE'
- '%PROGRAM_FILES%\Internet Explorer\iexplore.exe' http://www.qq##.info/cjtest/conf.jsp?v=#######################################
- '%PROGRAM_FILES%\Internet Explorer\iexplore.exe' http://www.em##ey.cn/salesinfo/sales/dcwj/index.html?si###############
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnZoneCrossing' = '00000000' (0 = off: suppresses Internet Explorer's warning dialog when navigation crosses between security zones — a browser-hardening setting being silently weakened for the current user)
- %TEMP%\~DF162B4AF89A05F22A.TMP
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\{4F52E142-DA11-11E4-B006-98FCA8AD23F3}.dat
- %TEMP%\~DF2B95A2DFBFA4D260.TMP
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4F52E140-DA11-11E4-B006-98FCA8AD23F3}.dat
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\dnserror[1] (cached IE DNS-error page; together with the NewErrorPageTemplate/errorPageStrings/httpErrorPagesScripts entries below this indicates at least one of the iexplore.exe navigations above failed to resolve in the sandbox, so the server-side behaviour of those URLs was not observed and this trace may understate the sample's full behaviour)
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\NewErrorPageTemplate[1]
- %TEMP%\~DF4652F435ABA31E9C.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\INSTALL.LOG
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\{4E627646-DA11-11E4-B006-98FCA8AD23F3}.dat
- %HOMEPATH%\Desktop\益盟操盘手.lnk (GBK path rendered as cp1251 mojibake "ТжГЛІЩЕМКЦ" in the raw report; 益盟操盘手 is the product name of a Chinese stock-trading application — consistent with the `ymLevel2_Taste` install directory and the `www.em##ey.cn` host above)
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\益盟软件\益盟操盘手\卸载益盟操盘手.lnk (GBK path rendered as cp1251 mojibake in the raw report; decodes to "Yimeng Software\Yimeng Caopanshou\Uninstall Yimeng Caopanshou.lnk")
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH000f.TMP
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\益盟软件\益盟操盘手\益盟操盘手.lnk (GBK path rendered as cp1251 mojibake in the raw report; all-users Start Menu shortcut)
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4E627644-DA11-11E4-B006-98FCA8AD23F3}.dat
- %TEMP%\~DF605902688BF619B0.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\UNWISE.INI
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\益盟操盘手.lnk (GBK path rendered as cp1251 mojibake in the raw report; a shortcut in the all-users Startup folder is a second, user-level persistence mechanism alongside the ImageOpt service registration above)
- %TEMP%\~DFF9FFD02E06473A55.TMP
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\NewErrorPageTemplate[1]
- <LS_APPDATA>\Microsoft\Internet Explorer\imagestore\g1bfg6d\imagestore.dat
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\{81417EBF-DA11-11E4-B006-98FCA8AD23F3}.dat
- <LS_APPDATA>\Microsoft\Internet Explorer\Recovery\High\Active\{8A81F7EF-DA11-11E4-B006-98FCA8AD23F3}.dat
- %TEMP%\~DF449BC7851C574FFD.TMP
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\errorPageStrings[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\httpErrorPagesScripts[1]
- %APPDATA%\Roaming\Microsoft\Protect\S-1-5-21-2832440558-3064306045-1455513625-1000\ebb613d7-71fd-43f2-83be-4a4c934e791d (DPAPI master-key file for this user SID; Windows creates it on first DPAPI use, so this is likely a side effect of IE or the installers calling CryptProtectData rather than direct credential theft — the trace does not show which process triggered it)
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\dnserror[2]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\NewErrorPageTemplate[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\errorPageStrings[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\httpErrorPagesScripts[1]
- <Auxiliary element>
- %TEMP%\a989\PPTV(pplive)_forgy_0004.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\errorPageStrings[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\httpErrorPagesScripts[1]
- %TEMP%\nsxDE9D.tmp\System.dll
- %TEMP%\djhist.log
- %TEMP%\nsxDE9D.tmp\djcomm.dll
- %TEMP%\djruncon.log
- %TEMP%\nsxDE9D.tmp\io3.ini
- %TEMP%\nsxDE9D.tmp\licenseDNA.rtf
- %TEMP%\nsxDE9D.tmp\ad.bmp
- %TEMP%\nsxDE9D.tmp\left.bmp
- %TEMP%\nsxDE9C.tmp
- %TEMP%\a989\stpcfgf.pdf
- %TEMP%\a989\wl0421290.EXE
- <SYSTEM32>\gins.exe
- <SYSTEM32>\JeepImage.sys (a kernel-mode driver dropped into System32; presumably the image behind the auto-start "ImageOpt" service registered above — confirm via the service's ImagePath and check the driver's signature/signer)
- %TEMP%\a989\winRun.exe
- %TEMP%\myothello.exe
- %TEMP%\a989\setup3029.exe
- %TEMP%\a989\LavaGame_2.2_2051.exe
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH0004.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH0006.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH0002.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\temp.000
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH000b.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH000d.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH0007.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH0009.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH0001.TMP
- %TEMP%\GLBE37B.tmp
- %TEMP%\GLCE474.tmp
- %TEMP%\nsxDE9D.tmp\license.rtf
- %TEMP%\nsxDE9D.tmp\NSISdl.dll (the NSIS installer's download plugin; with `System.dll` and the `nsx*.tmp` directory this identifies one of the dropped packages as an NSIS-built installer capable of fetching additional content over HTTP — whether it actually did so is not visible in this trace)
- %TEMP%\GLGEF03.tmp
- %TEMP%\~GLH0000.TMP
- %TEMP%\GLJE4B4.tmp
- %TEMP%\GLKE6B8.tmp
- %TEMP%\GLJE4B4.tmp
- %TEMP%\GLKE6B8.tmp
- %TEMP%\GLGEF03.tmp
- %TEMP%\GLBE37B.tmp
- %TEMP%\GLCE474.tmp
- %TEMP%\GLFEF23.tmp
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH0007.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH0004.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH0002.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH000d.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH000b.TMP
- %PROGRAM_FILES%\ymLevel2_Taste\~GLH0009.TMP
- from %PROGRAM_FILES%\ymLevel2_Taste\~GLH0003.TMP to %PROGRAM_FILES%\ymLevel2_Taste\Coder2.dll
- from %PROGRAM_FILES%\ymLevel2_Taste\~GLH0006.TMP to %PROGRAM_FILES%\ymLevel2_Taste\L2Host.dat
- from %PROGRAM_FILES%\ymLevel2_Taste\~GLH000f.TMP to %PROGRAM_FILES%\ymLevel2_Taste\offLogo.mht
- from %TEMP%\~GLH0000.TMP to %TEMP%\GLFEF23.tmp
- from %PROGRAM_FILES%\ymLevel2_Taste\~GLH0001.TMP to %PROGRAM_FILES%\ymLevel2_Taste\UNWISE.EXE
- from %PROGRAM_FILES%\ymLevel2_Taste\temp.000 to %PROGRAM_FILES%\ymLevel2_Taste\~GLH0003.TMP
- DNS ASK dn#.##ftncsi.com (redacted name matches the Windows NCSI connectivity-check host pattern — most likely OS background traffic, not sample-initiated)
- DNS ASK www.qq##.info
- DNS ASK ie#####e.microsoft.com (microsoft.com lookups of this shape are consistent with Internet Explorer's own background services triggered by the iexplore.exe launches above — treat as browser noise rather than C2 unless the full name says otherwise)
- DNS ASK ie#####t.microsoft.com (same caveat)
- DNS ASK d2.###rotect.net
- DNS ASK do####ad.lava.cn
- DNS ASK www.em##ey.cn (redacted host from the second iexplore.exe URL above; the shape is consistent with the vendor domain of the 益盟操盘手 application whose shortcuts are created above — confirm against the unredacted report)
- DNS ASK go.###rosoft.com
- ClassName: 'MS_AutodialMonitor' WindowName: '' (WinInet/IE helper window)
- ClassName: 'MS_WebCheckMonitor' WindowName: '' (WinInet/IE helper window)
- ClassName: 'Shell_TrayWnd' WindowName: '' (the Explorer taskbar)
- ClassName: '' WindowName: 'Run' (a window titled "Run"; whether these lookups are an environment/anti-analysis check or ordinary installer and browser UI behaviour cannot be determined from this trace alone)