Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\bandac] 'ImagePath' = '%APPDATA%\122359\bandac.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\bandac] 'Start' = '00000002'
- '%APPDATA%\122359\bandac.exe' -i
- '%APPDATA%\122359\bandac.exe'
- '%APPDATA%\122359\RLServiceB.exe' BootDoThings
- '%TEMP%\is-9E794.tmp\<File name>.tmp' /SL5="$30092,1076840,56832,<Full path to file>"
- '%APPDATA%\122359\awdec.exe' <Full path to file>
- '%APPDATA%\122359\bandac.exe' -u
- '<SYSTEM32>\net.exe' start bandac
- '<SYSTEM32>\net1.exe' start bandac
- '<SYSTEM32>\regsvr32.exe' /s "%APPDATA%\122359\DataView.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%APPDATA%\122359\DataView64.dll"
- %APPDATA%\122359\resource\is-E6AL9.tmp
- %APPDATA%\122359\resource\is-327KA.tmp
- %APPDATA%\122359\resource\is-KFLJR.tmp
- %APPDATA%\122359\resource\is-VBBFN.tmp
- %APPDATA%\122359\resource\is-V7RKT.tmp
- %APPDATA%\122359\resource\is-V17PF.tmp
- %APPDATA%\122359\resource\is-P25VO.tmp
- %APPDATA%\122359\resource\is-D09A8.tmp
- %APPDATA%\122359\resource\is-CA8LN.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\is-27U11.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\is-TDB5Q.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\en\is-NLMDA.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\zh_CN\is-JNMJN.tmp
- %APPDATA%\122359\resource\is-DTVIT.tmp
- %APPDATA%\122359\resource\is-L6PQ5.tmp
- %APPDATA%\122359\resource\is-GNT8V.tmp
- %APPDATA%\122359\resource\is-QDHH3.tmp
- %APPDATA%\122359\resource\is-8OUSI.tmp
- %APPDATA%\122359\xmlconfig\is-VQ61P.tmp
- %APPDATA%\122359\xmlconfig\is-196GC.tmp
- %APPDATA%\122359\resource\DirectUI\is-VASKD.tmp
- %APPDATA%\122359\resource\DirectUI\is-BQ1BT.tmp
- %ALLUSERSPROFILE%\Desktop\简约日历.lnk
- %TEMP%\2b5b9\mainClient.exe
- %APPDATA%\122359\is-Q4TVJ.tmp
- %APPDATA%\122359\is-DH5AT.tmp
- %APPDATA%\122359\resource\DirectUI\is-FHQJH.tmp
- %APPDATA%\122359\resource\is-L9RDV.tmp
- %APPDATA%\122359\resource\is-K1JM0.tmp
- %APPDATA%\122359\resource\is-PVU97.tmp
- %APPDATA%\122359\resource\is-FPUQQ.tmp
- %APPDATA%\122359\resource\is-4PVEH.tmp
- %APPDATA%\122359\resource\DirectUI\is-R6CRQ.tmp
- %APPDATA%\122359\resource\is-JI37D.tmp
- %APPDATA%\122359\resource\is-1M8CN.tmp
- %APPDATA%\122359\is-SMDRT.tmp
- %APPDATA%\122359\extensions\is-KBSQM.tmp
- %APPDATA%\122359\is-CDGNK.tmp
- %APPDATA%\122359\is-F4EPP.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-2UM0R.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-S276F.tmp
- %APPDATA%\122359\extensions\is-PTHPQ.tmp
- %APPDATA%\122359\extensions\is-52LFP.tmp
- %APPDATA%\122359\is-IUDA1.tmp
- %TEMP%\is-TT8EB.tmp\ISTask.dll
- %APPDATA%\122359\is-5Q24N.tmp
- %TEMP%\is-9E794.tmp\<File name>.tmp
- %TEMP%\is-TT8EB.tmp\_isetup\_shfoldr.dll
- %APPDATA%\122359\is-80VCI.tmp
- %APPDATA%\122359\is-CT2IP.tmp
- %APPDATA%\122359\is-K66GP.tmp
- %APPDATA%\122359\is-2JNQC.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-F1DJN.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-I0BN5.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-PUDED.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-7BFA6.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-E2PE5.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\is-876RB.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\is-NP6UF.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-RPTLV.tmp
- %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-MOSRV.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\is-D093R.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-GP7L4.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\is-CG4C2.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-EQ8C9.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-74RMC.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\zh_CN\is-2F0IE.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\is-C3PTK.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\is-2T0H2.tmp
- %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\en\is-GRK58.tmp
- %APPDATA%\122359\DataView64.dll
- %APPDATA%\122359\DataView.dll
- from %APPDATA%\122359\resource\is-VBBFN.tmp to %APPDATA%\122359\resource\btn_cancel.png
- from %APPDATA%\122359\resource\is-KFLJR.tmp to %APPDATA%\122359\resource\btn_alpha.png
- from %APPDATA%\122359\resource\is-CA8LN.tmp to %APPDATA%\122359\resource\btnBK.png
- from %APPDATA%\122359\resource\is-E6AL9.tmp to %APPDATA%\122359\resource\btn_close.png
- from %APPDATA%\122359\resource\is-D09A8.tmp to %APPDATA%\122359\resource\btn_today.png
- from %APPDATA%\122359\resource\is-P25VO.tmp to %APPDATA%\122359\resource\btn_ok.png
- from %APPDATA%\122359\resource\is-327KA.tmp to %APPDATA%\122359\resource\btn_min.png
- from %APPDATA%\122359\resource\is-L6PQ5.tmp to %APPDATA%\122359\resource\browser.png
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\is-27U11.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\computed_hashes.json
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\zh_CN\is-JNMJN.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\zh_CN\messages.json
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\en\is-NLMDA.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\en\messages.json
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\is-TDB5Q.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\verified_contents.json
- from %APPDATA%\122359\resource\is-DTVIT.tmp to %APPDATA%\122359\resource\box_check.png
- from %APPDATA%\122359\resource\is-QDHH3.tmp to %APPDATA%\122359\resource\arrow_right.png
- from %APPDATA%\122359\resource\is-GNT8V.tmp to %APPDATA%\122359\resource\arrow_left.png
- from %APPDATA%\122359\resource\is-V7RKT.tmp to %APPDATA%\122359\resource\Calendar.ico
- from %APPDATA%\122359\resource\DirectUI\is-FHQJH.tmp to %APPDATA%\122359\resource\DirectUI\scrollArrowUp.bmp
- from %APPDATA%\122359\resource\DirectUI\is-R6CRQ.tmp to %APPDATA%\122359\resource\DirectUI\scrollArrowDown.bmp
- from %APPDATA%\122359\resource\is-4PVEH.tmp to %APPDATA%\122359\resource\wtl.exe.manifest
- from %APPDATA%\122359\resource\DirectUI\is-VASKD.tmp to %APPDATA%\122359\resource\DirectUI\scrollBar.bmp
- from %APPDATA%\122359\xmlconfig\is-196GC.tmp to %APPDATA%\122359\xmlconfig\riliclient.xml
- from %APPDATA%\122359\xmlconfig\is-VQ61P.tmp to %APPDATA%\122359\xmlconfig\install.xml
- from %APPDATA%\122359\resource\DirectUI\is-BQ1BT.tmp to %APPDATA%\122359\resource\DirectUI\srollBk.bmp
- from %APPDATA%\122359\resource\is-1M8CN.tmp to %APPDATA%\122359\resource\return.png
- from %APPDATA%\122359\resource\is-PVU97.tmp to %APPDATA%\122359\resource\logo.png
- from %APPDATA%\122359\resource\is-8OUSI.tmp to %APPDATA%\122359\resource\License.txt
- from %APPDATA%\122359\resource\is-V17PF.tmp to %APPDATA%\122359\resource\comboxBk.png
- from %APPDATA%\122359\resource\is-FPUQQ.tmp to %APPDATA%\122359\resource\mainBk.png
- from %APPDATA%\122359\resource\is-JI37D.tmp to %APPDATA%\122359\resource\radio.png
- from %APPDATA%\122359\resource\is-K1JM0.tmp to %APPDATA%\122359\resource\now_start.png
- from %APPDATA%\122359\resource\is-L9RDV.tmp to %APPDATA%\122359\resource\menuButton.png
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\is-NP6UF.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\icon.gif
- from %APPDATA%\122359\extensions\is-PTHPQ.tmp to %APPDATA%\122359\extensions\sec_setting.json
- from %APPDATA%\122359\extensions\is-KBSQM.tmp to %APPDATA%\122359\extensions\jySougou.sext
- from %APPDATA%\122359\is-SMDRT.tmp to %APPDATA%\122359\RLServiceB.exe
- from %APPDATA%\122359\extensions\is-52LFP.tmp to %APPDATA%\122359\extensions\setting.json
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-F1DJN.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\calmath.js
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-S276F.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\background.js
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-2UM0R.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\background.html
- from %APPDATA%\122359\is-F4EPP.tmp to %APPDATA%\122359\mainClient.exe
- from %APPDATA%\122359\is-2JNQC.tmp to %APPDATA%\122359\DataView.dll
- from %APPDATA%\122359\is-K66GP.tmp to %APPDATA%\122359\bandac.exe
- from %APPDATA%\122359\is-5Q24N.tmp to %APPDATA%\122359\awdec.exe
- from %APPDATA%\122359\is-80VCI.tmp to %APPDATA%\122359\DataView64.dll
- from %APPDATA%\122359\is-CDGNK.tmp to %APPDATA%\122359\jywebHelper.dll
- from %APPDATA%\122359\is-IUDA1.tmp to %APPDATA%\122359\istask.dll
- from %APPDATA%\122359\is-CT2IP.tmp to %APPDATA%\122359\fixfunction.dll
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-EQ8C9.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\contentscript.js
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-I0BN5.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\calmath.js
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-E2PE5.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\background.js
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-7BFA6.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\background.html
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-PUDED.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\contentscript.js
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\is-876RB.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\crx.png
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-MOSRV.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\popup.html
- from %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-RPTLV.tmp to %APPDATA%\122359\extensions\int2\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\manifest.json
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\is-D093R.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\verified_contents.json
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\is-CG4C2.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\crx.png
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-GP7L4.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\popup.html
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\is-74RMC.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\manifest.json
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\is-2T0H2.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\res\icon.gif
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\is-C3PTK.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_metadata\computed_hashes.json
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\zh_CN\is-2F0IE.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\zh_CN\messages.json
- from %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\en\is-GRK58.tmp to %APPDATA%\122359\extensions\chrome\ccikkllbpgbmnpajbjkjipmopnhfonnp\4.0.2_0\_locales\en\messages.json
- %APPDATA%\122359\DataView64.dll
- %APPDATA%\122359\DataView.dll
- 'www.jy##li.com':80
- http://www.jy##li.com/client.do/?me#######################################################################################
- http://www.jy##li.com/client.do/?&m##############################################################################################################################################################...
- DNS ASK www.jy##li.com
- ClassName: 'Shell_TrayWnd' WindowName: ''