Technical Information
- 'C:\qingyuge\Additional\updater.exe' /silent
- 'C:\qingyuge\qingyuge.exe'
- '%WINDIR%\Installer\MSI5.tmp' http://x1.####zone.com:8816/install.html
- '<SYSTEM32>\msiexec.exe' -Embedding 5FE1A3220024767B38C0B63120241BC7
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' /i "%APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\qyg.msi" AI_SETUPEXEPATH=<Full path to virus> SETUPEXEDIR=<Current directory>\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
- C:\qingyuge\Graphics\back_press.bmp
- C:\qingyuge\Graphics\back_touched.bmp
- C:\qingyuge\Graphics\bg.bmp
- C:\qingyuge\qingyuge.exe
- C:\qingyuge\Config.BOB
- C:\qingyuge\Graphics\back.bmp
- C:\qingyuge\Graphics\forward.bmp
- C:\qingyuge\Graphics\forward_press.bmp
- C:\qingyuge\Graphics\forward_touched.bmp
- C:\qingyuge\Graphics\close.bmp
- C:\qingyuge\Graphics\close_press.bmp
- C:\qingyuge\Graphics\close_touched.bmp
- C:\Config.Msi\617b4.rbs
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- %WINDIR%\Installer\MSI3.tmp
- C:\qingyuge\情 欲 阁 网页版.html
- %ALLUSERSPROFILE%\Desktop\情 欲 阁 网页版.html.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\情欲阁\情 欲 阁 网页版.html.lnk
- C:\qingyuge\Graphics\update_touched.bmp
- C:\qingyuge\Additional\updater.exe
- C:\qingyuge\Additional\qygstart.html
- %WINDIR%\Installer\MSI5.tmp
- %TEMP%\URL6.url
- %WINDIR%\Installer\MSI7.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\情欲阁\情 欲 阁 客户端.lnk
- %ALLUSERSPROFILE%\Desktop\情 欲 阁 客户端.lnk
- C:\qingyuge\Additional\updater.ini
- C:\qingyuge\Graphics\update_press.bmp
- C:\qingyuge\Graphics\minimize.bmp
- C:\qingyuge\Graphics\minimize_press.bmp
- C:\qingyuge\Graphics\minimize_touched.bmp
- C:\qingyuge\Graphics\maximize.bmp
- C:\qingyuge\Graphics\maximize_press.bmp
- C:\qingyuge\Graphics\maximize_touched.bmp
- C:\qingyuge\Graphics\resize_normal.bmp
- C:\qingyuge\Graphics\resize_pressed.bmp
- C:\qingyuge\Graphics\update.bmp
- C:\qingyuge\Graphics\refresh.bmp
- C:\qingyuge\Graphics\refresh_press.bmp
- C:\qingyuge\Graphics\refresh_touched.bmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\minimize_touched.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\refresh.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\refresh_press.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\maximize_touched.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\minimize.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\minimize_press.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\update.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\update_press.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\update_touched.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\refresh_touched.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\resize_normal.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\resize_pressed.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\maximize_press.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\back_touched.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\bg.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\close.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\decoder.dll
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\back.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\back_press.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\forward_press.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\forward_touched.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\maximize.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\close_press.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\close_touched.bmp
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Graphics\forward.bmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Additional\updater.exe
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Config.BOB
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\qyg.msi
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\Additional\qygstart.html
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\情 欲 阁 网页版.html
- %APPDATA%\QingYuGe\QingYuGe 1.2.0\install\01CC0D0\qingyuge.exe
- %WINDIR%\Installer\MSI2.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- %TEMP%\60429.msi
- %WINDIR%\Installer\617b1.msi
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI3.tmp
- C:\Config.Msi\617b4.rbs
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI2.tmp
- 'localhost':1039
- 'in##.#deal-age.com':7512
- 'www.ni###lan.com':7758
- 'localhost':1035
- 'x1.##s-zone.com':8816
- 'localhost':1038
- DNS ASK www.ni###lan.com
- DNS ASK in##.#deal-age.com
- DNS ASK x1.##s-zone.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'