Technical Information
Modifies file system
Creates the following files
- %WINDIR%\temp\cab85b2.tmp
- <Current directory>\data\模版\秦皇地宫四层c点.xml
- <Current directory>\data\模版\秦皇地宫四层d点.xml
- <Current directory>\data\模版\迷宫1号点.xml
- <Current directory>\data\模版\迷宫2号点.xml
- <Current directory>\data\模版\迷宫3号点.xml
- <Current directory>\data\物品.ini
- <Current directory>\main
- <Current directory>\data\模版\秦皇地宫三层d点.xml
- <Current directory>\script\数据\坐标刷马.lua
- <Current directory>\script\数据\坐标天降奇兽.lua
- <Current directory>\script\数据\坐标摆摊.lua
- <Current directory>\script\数据\坐标清剿九黎余孽.lua
- <Current directory>\script\数据\科举.lua
- <Current directory>\script\数据\请勿修改这里的lua文件,到c盘私有设置修改.txt
- <Current directory>\data\模版\秦皇地宫四层b点.xml
- <Current directory>\data\模版\秦皇地宫四层boss点.xml
- <Current directory>\data\模版\秦皇地宫四层a点.xml
- <Current directory>\data\模版\秦皇地宫二层e点.xml
- <Current directory>\data\模版\秦皇地宫二层d点.xml
- <Current directory>\data\模版\秦皇地宫二层c点.xml
- <Current directory>\data\模版\秦皇地宫二层b点.xml
- <Current directory>\data\模版\秦皇地宫二层boss点.xml
- <Current directory>\data\模版\秦皇地宫二层a点.xml
- <Current directory>\data\符号.txt
- <Current directory>\data\模版\秦皇地宫三层c点.xml
- <Current directory>\data\模版\秦皇地宫三层b点.xml
- <Current directory>\data\模版\秦皇地宫三层boss点.xml
- <Current directory>\data\模版\秦皇地宫三层a点.xml
- <Current directory>\data\模版\秦皇地宫一层c点.xml
- <Current directory>\data\模版\秦皇地宫一层b点.xml
- <Current directory>\data\模版\秦皇地宫一层boss点.xml
- <Current directory>\script\自定义\[例] 等待到时间.lua
- <Current directory>\script\自定义\扫荡三神.lua
- <Current directory>\dfz.vmp.dll
- <Current directory>\script\自定义\仓库取钱.lua
- <Current directory>\script\自定义\扫荡福地.lua
- <Current directory>\script\自定义\扫荡福地困难.lua
- <Current directory>\script\自定义\每日签到.lua
- <Current directory>\script\自定义\波斯玫瑰换强化.lua
- <Current directory>\script\自定义\离开藏经阁.lua
- <Current directory>\script\自定义\窗口闪烁报警.lua
- <Current directory>\script\自定义\虚空交任务.lua
- <Current directory>\script\自定义\[例] 等待队伍人数.lua
- <Current directory>\script\自定义\许愿果换强化.lua
- <Current directory>\script\自定义\锦囊宝箱消化.lua
- <Current directory>\script\自定义\领取五行法帖.lua
- <Current directory>\点我运行.bat
- <Current directory>\data\报警.wav
- <Current directory>\data\zydd.dll
- <Current directory>\script\自定义\扫荡王陵.lua
- <Current directory>\script\自定义\扫荡燕子.lua
- <Current directory>\script\自定义\扫荡杀星.lua
- <Current directory>\script\自定义\扫荡少室.lua
- <Current directory>\script\自定义\扫荡小缥.lua
- <Current directory>\script\自定义\扫荡大缥.lua
- <Current directory>\script\自定义\扫荡四绝.lua
- <Current directory>\script\自定义\扫荡兵圣困难.lua
- <Current directory>\script\自定义\扫荡兵圣.lua
- <Current directory>\data\模版\秦皇地宫一层a点.xml
- <Current directory>\script\自定义\商会取钱.lua
- <Current directory>\script\自定义\合成宝石(绑定).lua
- <Current directory>\script\自定义\合成宝石(混合).lua
- <Current directory>\script\自定义\合成宝石(不绑).lua
- <Current directory>\script\自定义\古兰玉换宝石.lua
- <Current directory>\script\自定义\兑换元宝票.lua
- <Current directory>\script\自定义\仓库存钱.lua
- <Current directory>\script\自定义\[自定义] 接口说明.lua
- <Current directory>\script\自定义\自动组队(例).lua
- <Current directory>\data\模版\火焰谷3号点.xml
- <Current directory>\data\模版\昆仑山a点.xml
- <Current directory>\data\坐标\10级塔里木.txt
- <Current directory>\data\坐标\10级大宛.txt
- <Current directory>\data\坐标\10级撒马尔罕.txt
- <Current directory>\data\坐标\10级昆仑山.txt
- <Current directory>\data\坐标\10级梅岭.txt
- <Current directory>\data\坐标\10级火焰山.txt
- <Current directory>\data\坐标\10级草原.txt
- <Current directory>\¸üðâ°ü.7z
- <Current directory>\data\坐标\1级剑阁.txt
- <Current directory>\data\坐标\1级太湖.txt
- <Current directory>\data\坐标\1级嵩山.txt
- <Current directory>\data\坐标\1级敦煌.txt
- <Current directory>\data\坐标\1级无量山.txt
- <Current directory>\data\坐标\1级镜湖.txt
- <Current directory>\data\坐标\10-9级银皑雪原.txt
- <Current directory>\data\坐标\10-9级漠南青原.txt
- <Current directory>\data\坐标\10-9级林海溪谷.txt
- <Current directory>\data\坐标\10-9级忘川花海.txt
- <Current directory>\data\坐标\10-9级天岐南淮.txt
- <Current directory>\data\record2.dat
- <Current directory>\data\record1.dat
- <Current directory>\data\gameserver.txt
- <Current directory>\data\default.ini
- <Current directory>\data\坐标\10级盐湖.txt
- %WINDIR%\temp\taree5b.tmp
- %WINDIR%\temp\cabee5a.tmp
- %WINDIR%\temp\tard84a.tmp
- %WINDIR%\temp\cabd849.tmp
- %WINDIR%\temp\tard6f0.tmp
- %WINDIR%\temp\cabd6ef.tmp
- %WINDIR%\temp\tar85b3.tmp
- <Current directory>\data\坐标\2级西湖.txt
- <Current directory>\data\坐标\昆吾В·天岐南淮.txt
- <Current directory>\data\模版\火焰谷1号点.xml
- <Current directory>\data\坐标\5级龙泉.txt
- <Current directory>\data\模版\塔克2号点.xml
- <Current directory>\data\模版\撒马尔罕a点.xml
- <Current directory>\data\模版\撒马尔罕b点.xml
- <Current directory>\data\模版\撒马尔罕c点.xml
- <Current directory>\data\模版\撒马尔罕d点.xml
- <Current directory>\data\模版\撒马尔罕e点.xml
- <Current directory>\data\模版\昆仑山b点.xml
- <Current directory>\data\坐标\3级洱海.txt
- <Current directory>\data\模版\昆仑福地a点.xml
- <Current directory>\data\模版\昆仑福地b点.xml
- <Current directory>\data\模版\汗血岭1点.xml
- <Current directory>\data\模版\汗血岭2点.xml
- <Current directory>\data\模版\汗血岭3点.xml
- <Current directory>\data\模版\汗血岭4点.xml
- <Current directory>\data\模版\塔克1号点.xml
- <Current directory>\data\模版\圣火宫b点.xml
- <Current directory>\data\模版\圣火宫a点.xml
- <Current directory>\data\坐标\药材.ini
- <Current directory>\data\坐标\矿物.ini
- <Current directory>\data\坐标\昆吾В·漠南青原.txt
- <Current directory>\data\坐标\昆吾В·沁水丹林.txt
- <Current directory>\data\坐标\昆吾В·林海溪谷.txt
- <Current directory>\data\坐标\昆吾В·忘川花海.txt
- <Current directory>\data\模版\火焰谷2号点.xml
- <Current directory>\data\坐标\昆吾В·云遥鹊岭.txt
- <Current directory>\data\坐标\9级高昌.txt
- <Current directory>\data\坐标\9级石林.txt
- <Current directory>\data\坐标\8级武夷.txt
- <Current directory>\data\坐标\7级雁北.txt
- <Current directory>\data\坐标\7级清源.txt
- <Current directory>\data\坐标\6级苍山.txt
- <Current directory>\data\坐标\4级雁南.txt
- C:\tlzz\config.ini
Deletes the following files
- %WINDIR%\temp\cab85b2.tmp
- %WINDIR%\temp\tar85b3.tmp
- %WINDIR%\temp\cabd6ef.tmp
- %WINDIR%\temp\tard6f0.tmp
- %WINDIR%\temp\cabd849.tmp
- %WINDIR%\temp\tard84a.tmp
- %WINDIR%\temp\cabee5a.tmp
- %WINDIR%\temp\taree5b.tmp
Moves the following files
- from <Current directory>\dfz.vmp.dll to <Current directory>\dfz.dll
Substitutes the following executable files
- <Full path to file>
Moves itself
- from <Full path to file> to <Current directory>\jt_back
Deletes itself.
Network activity
Connects to
- 'pa#.#2e9.com':80
- 'up.#2e9.com':80
- 'do##.52e9.com':80
- '2c#.#####.directlink.tv002.com':80
- 'ch#####-bb.tv002.com':443
- 'microsoft.com':80
TCP
HTTP POST requests
- http://up.#2e9.com/update.php
UDP
- DNS ASK pa#.#2e9.com
- DNS ASK up.#2e9.com
- DNS ASK do##.52e9.com
- DNS ASK 2c#.#####.directlink.tv002.com
- DNS ASK ch#####-bb.tv002.com
- DNS ASK microsoft.com
Miscellaneous
Searches for the following windows
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'TianLongBaBu WndClass' WindowName: ''
Creates and executes the following
- '<Full path to file>'
