Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HXNotify' = '%PROGRAM_FILES%\HXNotify\HXNotify.exe'
- %TEMP%\GLJ2.tmp %PROGRAM_FILES%\HXNotify\HXDesktopShow.scr
- %PROGRAM_FILES%\HXNotify\HXNotify.exe /REGSERVER
- %PROGRAM_FILES%\HXNotify\HXNotify.exe
- %TEMP%\GLJ2.tmp <SYSTEM32>\Comctl32.ocx
- %TEMP%\GLJ2.tmp <SYSTEM32>\actskin4.ocx
- %TEMP%\GLJ2.tmp <SYSTEM32>\shdocvw.dll
- %TEMP%\GLJ2.tmp <SYSTEM32>\Msinet.ocx
- %PROGRAM_FILES%\HXNotify\images\~GLH0034.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0035.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0033.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0031.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0032.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0039.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH003a.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0038.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0036.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0037.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH002a.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH002b.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0029.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0027.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0028.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH002f.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0030.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH002e.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH002c.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH002d.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH003b.TMP
- %HOMEPATH%\Start Menu\Programs\海啸软件大厅\软件说明.lnk
- %HOMEPATH%\Start Menu\Programs\泡泡西主页.lnk
- %HOMEPATH%\Start Menu\Programs\海啸软件大厅\泡泡西主页.lnk
- %HOMEPATH%\Start Menu\Programs\єЈРҐИнјюґуМь\ПµНіёЁЦъЈЖБД»·Еґуѕµ.lnk
- %HOMEPATH%\Start Menu\Programs\єЈРҐИнјюґуМь\ПµНіёЁЦъЈРйДвУІЕМ.lnk
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\notifyconfig2.popocy[1]
- <SYSTEM32>\INSTALL.LOG
- %HOMEPATH%\Start Menu\Programs\海啸软件大厅\关机辅助-自定义关机.lnk
- %TEMP%\RGI7.tmp
- %PROGRAM_FILES%\HXNotify\~GLH003f.TMP
- %HOMEPATH%\Desktop\海啸软件大厅.lnk
- %PROGRAM_FILES%\HXNotify\images\~GLH003e.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH003c.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH003d.TMP
- %HOMEPATH%\Start Menu\Programs\єЈРҐИнјюґуМь\ПµНіёЁЦъЈCPUјаКУЖч.lnk
- %HOMEPATH%\Start Menu\Programs\єЈРҐИнјюґуМь\ПµНіёЁЦъЈНтДкАъ.lnk
- %HOMEPATH%\Start Menu\Programs\єЈРҐИнјюґуМь\ПµНіёЁЦъЈ¶ЇёРЧАГжРг.lnk
- %HOMEPATH%\Start Menu\Programs\海啸软件大厅\海啸软件大厅.lnk
- %HOMEPATH%\Start Menu\Programs\єЈРҐИнјюґуМь\ЙПНшёЁЦъЈдЇААЖчЙПНшјЗВјІйСЇ.lnk
- <SYSTEM32>\~GLH000b.TMP
- %PROGRAM_FILES%\HXNotify\skins\~GLH000c.TMP
- <SYSTEM32>\~GLH000a.TMP
- <SYSTEM32>\~GLH0007.TMP
- <SYSTEM32>\~GLH0009.TMP
- %PROGRAM_FILES%\HXNotify\skins\~GLH0010.TMP
- %PROGRAM_FILES%\HXNotify\skins\~GLH0011.TMP
- %PROGRAM_FILES%\HXNotify\skins\~GLH000f.TMP
- %PROGRAM_FILES%\HXNotify\skins\~GLH000d.TMP
- %PROGRAM_FILES%\HXNotify\skins\~GLH000e.TMP
- %TEMP%\GLG5.tmp
- %TEMP%\~GLH0000.TMP
- %TEMP%\GLK3.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\GLJ2.tmp
- <SYSTEM32>\~GLH0004.TMP
- <SYSTEM32>\~GLH0005.TMP
- <SYSTEM32>\temp.000
- <SYSTEM32>\~GLH0001.TMP
- <SYSTEM32>\~GLH0002.TMP
- %PROGRAM_FILES%\HXNotify\skins\~GLH0012.TMP
- %PROGRAM_FILES%\HXNotify\~GLH0020.TMP
- %PROGRAM_FILES%\HXNotify\~GLH0021.TMP
- %PROGRAM_FILES%\HXNotify\~GLH001f.TMP
- %PROGRAM_FILES%\HXNotify\~GLH001d.TMP
- %PROGRAM_FILES%\HXNotify\~GLH001e.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0025.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0026.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0024.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0022.TMP
- %PROGRAM_FILES%\HXNotify\images\~GLH0023.TMP
- %PROGRAM_FILES%\HXNotify\~GLH0016.TMP
- %PROGRAM_FILES%\HXNotify\~GLH0017.TMP
- %PROGRAM_FILES%\HXNotify\~GLH0015.TMP
- %PROGRAM_FILES%\HXNotify\~GLH0013.TMP
- %PROGRAM_FILES%\HXNotify\~GLH0014.TMP
- %PROGRAM_FILES%\HXNotify\~GLH001b.TMP
- %PROGRAM_FILES%\HXNotify\~GLH001c.TMP
- %PROGRAM_FILES%\HXNotify\~GLH001a.TMP
- %PROGRAM_FILES%\HXNotify\~GLH0018.TMP
- %PROGRAM_FILES%\HXNotify\temp.000
- %TEMP%\GLK3.tmp
- %TEMP%\GLG5.tmp
- %TEMP%\RGI7.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\GLF6.tmp
- %TEMP%\GLJ2.tmp
- <SYSTEM32>\~GLH0004.TMP
- <SYSTEM32>\temp.000
- <SYSTEM32>\~GLH0002.TMP
- %PROGRAM_FILES%\HXNotify\~GLH0018.TMP
- <SYSTEM32>\~GLH0007.TMP
- <SYSTEM32>\~GLH0005.TMP
- from %PROGRAM_FILES%\HXNotify\images\~GLH002c.TMP to %PROGRAM_FILES%\HXNotify\images\new.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH002b.TMP to %PROGRAM_FILES%\HXNotify\images\newicon.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH002a.TMP to %PROGRAM_FILES%\HXNotify\images\news.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH002d.TMP to %PROGRAM_FILES%\HXNotify\images\new2.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0030.TMP to %PROGRAM_FILES%\HXNotify\images\hxadno2.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH002f.TMP to %PROGRAM_FILES%\HXNotify\images\Logo3030.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH002e.TMP to %PROGRAM_FILES%\HXNotify\images\msn.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0029.TMP to %PROGRAM_FILES%\HXNotify\images\oicq.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0024.TMP to %PROGRAM_FILES%\HXNotify\images\software.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0023.TMP to %PROGRAM_FILES%\HXNotify\images\support_icon.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0022.TMP to %PROGRAM_FILES%\HXNotify\images\update.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0025.TMP to %PROGRAM_FILES%\HXNotify\images\softad2.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0028.TMP to %PROGRAM_FILES%\HXNotify\images\phone.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0027.TMP to %PROGRAM_FILES%\HXNotify\images\reply.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0026.TMP to %PROGRAM_FILES%\HXNotify\images\small.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH003b.TMP to %PROGRAM_FILES%\HXNotify\images\email.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH003a.TMP to %PROGRAM_FILES%\HXNotify\images\down1.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0039.TMP to %PROGRAM_FILES%\HXNotify\images\dian.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH003c.TMP to %PROGRAM_FILES%\HXNotify\images\face.gif
- from %PROGRAM_FILES%\HXNotify\~GLH003f.TMP to %PROGRAM_FILES%\HXNotify\popocy.com.url
- from %PROGRAM_FILES%\HXNotify\images\~GLH003e.TMP to %PROGRAM_FILES%\HXNotify\images\SetupCOMSEL.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH003d.TMP to %PROGRAM_FILES%\HXNotify\images\softdating.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0038.TMP to %PROGRAM_FILES%\HXNotify\images\d_star.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0033.TMP to %PROGRAM_FILES%\HXNotify\images\hot.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0032.TMP to %PROGRAM_FILES%\HXNotify\images\hoticon.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0031.TMP to %PROGRAM_FILES%\HXNotify\images\hxadno1.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0034.TMP to %PROGRAM_FILES%\HXNotify\images\item.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0037.TMP to %PROGRAM_FILES%\HXNotify\images\homepage.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0036.TMP to %PROGRAM_FILES%\HXNotify\images\HXHead.gif
- from %PROGRAM_FILES%\HXNotify\images\~GLH0035.TMP to %PROGRAM_FILES%\HXNotify\images\hxyw.gif
- from %PROGRAM_FILES%\HXNotify\~GLH0021.TMP to %PROGRAM_FILES%\HXNotify\webdef.htm
- from %PROGRAM_FILES%\HXNotify\skins\~GLH000d.TMP to %PROGRAM_FILES%\HXNotify\skins\skin2.skn
- from %PROGRAM_FILES%\HXNotify\skins\~GLH000c.TMP to %PROGRAM_FILES%\HXNotify\skins\skin1.skn
- from <SYSTEM32>\~GLH000b.TMP to <SYSTEM32>\URLHIST.tlb
- from %PROGRAM_FILES%\HXNotify\skins\~GLH000e.TMP to %PROGRAM_FILES%\HXNotify\skins\skin3.skn
- from %PROGRAM_FILES%\HXNotify\skins\~GLH0011.TMP to %PROGRAM_FILES%\HXNotify\skins\skin6.skn
- from %PROGRAM_FILES%\HXNotify\skins\~GLH0010.TMP to %PROGRAM_FILES%\HXNotify\skins\skin5.skn
- from %PROGRAM_FILES%\HXNotify\skins\~GLH000f.TMP to %PROGRAM_FILES%\HXNotify\skins\skin4.skn
- from <SYSTEM32>\~GLH000a.TMP to <SYSTEM32>\Urlmon.idl
- from <SYSTEM32>\temp.000 to <SYSTEM32>\~GLH0003.TMP
- from <SYSTEM32>\~GLH0001.TMP to <SYSTEM32>\UNWISE.EXE
- from %TEMP%\~GLH0000.TMP to %TEMP%\GLF6.tmp
- from <SYSTEM32>\~GLH0003.TMP to <SYSTEM32>\actskin4.ocx
- from <SYSTEM32>\~GLH0009.TMP to <SYSTEM32>\urlmon.tlb
- from <SYSTEM32>\~GLH0008.TMP to <SYSTEM32>\Comctl32.ocx
- from <SYSTEM32>\temp.000 to <SYSTEM32>\~GLH0008.TMP
- from %PROGRAM_FILES%\HXNotify\~GLH001c.TMP to %PROGRAM_FILES%\HXNotify\HXNotify.exe
- from %PROGRAM_FILES%\HXNotify\~GLH001b.TMP to %PROGRAM_FILES%\HXNotify\HXIEView.exe
- from %PROGRAM_FILES%\HXNotify\~GLH001a.TMP to %PROGRAM_FILES%\HXNotify\HXVDrive.exe
- from %PROGRAM_FILES%\HXNotify\~GLH001d.TMP to %PROGRAM_FILES%\HXNotify\readme.txt
- from %PROGRAM_FILES%\HXNotify\~GLH0020.TMP to %PROGRAM_FILES%\HXNotify\web2.htm
- from %PROGRAM_FILES%\HXNotify\~GLH001f.TMP to %PROGRAM_FILES%\HXNotify\web1.htm
- from %PROGRAM_FILES%\HXNotify\~GLH001e.TMP to %PROGRAM_FILES%\HXNotify\readme.htm
- from %PROGRAM_FILES%\HXNotify\~GLH0019.TMP to %PROGRAM_FILES%\HXNotify\HXShutDown.exe
- from %PROGRAM_FILES%\HXNotify\~GLH0014.TMP to %PROGRAM_FILES%\HXNotify\HXDesktopShow.scr
- from %PROGRAM_FILES%\HXNotify\~GLH0013.TMP to %PROGRAM_FILES%\HXNotify\HXScreenZoom.ini
- from %PROGRAM_FILES%\HXNotify\skins\~GLH0012.TMP to %PROGRAM_FILES%\HXNotify\skins\skinno.skn
- from %PROGRAM_FILES%\HXNotify\~GLH0015.TMP to %PROGRAM_FILES%\HXNotify\HXRiLi.htm
- from %PROGRAM_FILES%\HXNotify\temp.000 to %PROGRAM_FILES%\HXNotify\~GLH0019.TMP
- from %PROGRAM_FILES%\HXNotify\~GLH0017.TMP to %PROGRAM_FILES%\HXNotify\HXCPUMonitor.exe
- from %PROGRAM_FILES%\HXNotify\~GLH0016.TMP to %PROGRAM_FILES%\HXNotify\HXScreenZoom.exe
- 'no######nfig2.popocy.com':80
- 'localhost':1038
- 'www.16#.com':80
- no######nfig2.popocy.com/
- www.16#.com/
- DNS ASK no######nfig2.popocy.com
- DNS ASK www.16#.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''