Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\bluebox] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] '%TEMP%\LGPacket\bivatg_70081.exe' = '%TEMP%\LGPacket\bivatg_70081.exe:*:Enabled:百度卫士在线安装程序'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\LGPacket\bivatg_70081.exe' = '%TEMP%\LGPacket\bivatg_70081.exe:*:Enabled:百度卫士在线安装程序'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] '%TEMP%\LGPacket\xpdgu_30742.exe' = '%TEMP%\LGPacket\xpdgu_30742.exe:*:Enabled:百度杀毒在线安装程序'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\LGPacket\xpdgu_30742.exe' = '%TEMP%\LGPacket\xpdgu_30742.exe:*:Enabled:百度杀毒在线安装程序'
- '%TEMP%\LGPacket\xpdgu_30742.exe'
- '%TEMP%\LGPacket\bivatg_70081.exe'
- '%PROGRAM_FILES%\BlueBox\BlueBox.exe' hide
- '%TEMP%\BlueSoftSetup_bsrlgngw_87872_.exe'
- '%TEMP%\LGPacket\BlueBox_bsrlgngw_87872_Setup.exe' /S
- NtEnumerateValueKey, handler: bluebox.sys
- NtQueryValueKey, handler: bluebox.sys
- NtSetValueKey, handler: bluebox.sys
- NtDeleteKey, handler: bluebox.sys
- NtDeleteValueKey, handler: bluebox.sys
- NtEnumerateKey, handler: bluebox.sys
- [<HKCU>\Software\Microsoft\Internet Explorer\Main] 'Window Title' = '作弊龙辅助官方： www.zblwg.com'
- %PROGRAM_FILES%\BlueBox\res_bluebox\wait.gif
- %PROGRAM_FILES%\BlueBox\res_bluebox\wait.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\topright_bk.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\topbk.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\topright.png
- %APPDATA%\BlueBox\list_soft.xml
- %PROGRAM_FILES%\BlueBox\setting.ini
- %APPDATA%\BlueBox\config_update.xml
- %PROGRAM_FILES%\BlueBox\res_bluebox\warning.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\xuanqu_img1.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\progress_textbk.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\prompt.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\progress_fore.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\logo.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\progress_bk.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\scroll_thumb.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\success.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\scroll_bkgnd.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\refresh.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\roundbk.png
- %PROGRAM_FILES%\BlueBox\bbfixer.exe
- %TEMP%\nsg9.tmp\dl.dll
- %TEMP%\nsg9.tmp\hu.dll
- %TEMP%\nsg9.tmp\BDMDownload.dll
- %TEMP%\nsg9.tmp\res\onlineWnd.zip
- %TEMP%\nsg9.tmp\BDMSkin.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\update.u.gsie[1].1&softid=0&hid=11000000000000000001&macadd=00-00-00-00-00-01&md5=5E8CF0724013AA9F5A143908FC6B6709&rand=310359
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\install[1].1&softid=0&hid=11000000000000000001&macadd=00-00-00-00-00-01&md5=5E8CF0724013AA9F5A143908FC6B6709&rand=386031
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\70081[1]
- %TEMP%\nsg9.tmp\BDMNetGetInfo.dll
- %TEMP%\nsg9.tmp\tmpv8e1mi.dll
- %HOMEPATH%\Start Menu\Programs\蓝光宝盒\蓝光宝盒.lnk
- %HOMEPATH%\Start Menu\Programs\蓝光宝盒\卸载 蓝光宝盒.lnk
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\bluebox[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\install[1].1&softid=0&hid=11000000000000000001&macadd=00-00-00-00-00-01&md5=5E8CF0724013AA9F5A143908FC6B6709&rand=243703
- %APPDATA%\BlueBox\soft_installed.xml
- %TEMP%\nsl8.tmp
- %TEMP%\nsg9.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\30742[1]
- %TEMP%\nsu5.tmp
- %ALLUSERSPROFILE%\Application Data\Baidu\Common\Global.db
- %PROGRAM_FILES%\BlueBox\res_bluebox\listtop.png
- %PROGRAM_FILES%\BlueBox\bbcomm.dll
- %PROGRAM_FILES%\BlueBox\bbhelper.dll
- %PROGRAM_FILES%\BlueBox\BlueBox.exe
- %TEMP%\setupplugins.dll
- %PROGRAM_FILES%\BlueBox\bluebox.sys
- %PROGRAM_FILES%\BlueBox\license.txt
- %PROGRAM_FILES%\BlueBox\main.ico
- %PROGRAM_FILES%\BlueBox\install.ico
- %PROGRAM_FILES%\BlueBox\dsui.dll
- %PROGRAM_FILES%\BlueBox\hgcounter.dll
- %TEMP%\LGPacket\list_soft.xml
- %TEMP%\LGPacket\BlueBox_bsrlgngw_87872_Setup.exe
- C:\BlueSoftSetup.log
- %TEMP%\BlueSoftSetup_bsrlgngw_87872_.res
- %TEMP%\BlueSoftSetup_bsrlgngw_87872_.exe
- %TEMP%\nss3.tmp\System.dll
- %PROGRAM_FILES%\BlueBox\install.log
- %TEMP%\nsx2.tmp
- %TEMP%\LGPacket\xpdgu_30742.exe
- %TEMP%\LGPacket\bivatg_70081.exe
- %PROGRAM_FILES%\BlueBox\selfdestructor.bat
- %PROGRAM_FILES%\BlueBox\res_bluebox\deficon.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\dividing_line.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\corner.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\btnbk4.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\checkbox.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\groupcapbk.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\grouptop.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\frame.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\editbk.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\fail.png
- %PROGRAM_FILES%\BlueBox\uninst.ico
- %PROGRAM_FILES%\BlueBox\res_bluebox\arrow.png
- %PROGRAM_FILES%\BlueBox\uninst.exe
- %PROGRAM_FILES%\BlueBox\setupplugins.dll
- %PROGRAM_FILES%\BlueBox\statmgr.dll
- %PROGRAM_FILES%\BlueBox\res_bluebox\btnbk2_old.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\btnbk3.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\btnbk2.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\bottombk.png
- %PROGRAM_FILES%\BlueBox\res_bluebox\btnbk1.png
- %TEMP%\LGPacket\BlueBox_bsrlgngw_87872_Setup.exe
- %TEMP%\LGPacket\bivatg_70081.exe
- %TEMP%\LGPacket\xpdgu_30742.exe
- %TEMP%\LGPacket\list_soft.xml
- %TEMP%\nss3.tmp\System.dll
- %TEMP%\setupplugins.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\70081[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\30742[1]
- '12#.#25.114.144':80
- 'up####.safe.my.iedun.cn':80
- 'localhost':1048
- 'ap#.gsie.cn':80
- 'localhost':1035
- 'up####.u.gsie.cn':80
- '12###.iboluo.cc':80
- 12#.#25.114.144/api/openapi/json_get_full_down_url_v4/30742
- 12#.#25.114.144/api/openapi/json_get_weishi_down_url_v1/70081
- up####.u.gsie.cn/?ve###########################################################################################################################################
- up####.u.gsie.cn/install/?ve###########################################################################################################################################
- 12###.iboluo.cc/bluebox.html?ac##################################################################################
- ap#.gsie.cn/boxUpVer?ui#################################################################################################################
- DNS ASK p.#.#aidu.com
- DNS ASK sh###.baidu.com
- DNS ASK we####.baidu.com
- DNS ASK up####.safe.my.iedun.cn
- DNS ASK up####.u.gsie.cn
- DNS ASK 12###.iboluo.cc
- DNS ASK ap#.gsie.cn
- ClassName: '#32770' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'BDMOnLineWnd' WindowName: '(null)'
- ClassName: 'BlueBoxFrame' WindowName: '(null)'
- ClassName: 'abc' WindowName: 'abc'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'zuobilong' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'OnLineWnd' WindowName: '(null)'
- ClassName: 'Internet Explorer_TridentDlgFrame' WindowName: '(null)'