FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.Siggen9.10927

Added to the Dr.Web virus database: 2020-02-12

Virus description added:

Technical Information

Modifies file system
Creates the following files
  • %ProgramFiles%\main.7z
  • %ProgramFiles%\youwobox\skins\youwocommon\minipage2.png
  • %ProgramFiles%\youwobox\skins\youwocommon\minipagebt.png
  • %ProgramFiles%\youwobox\skins\youwocommon\morebg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\msgbg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\msgbtn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\msgtip_checkbox.png
  • %ProgramFiles%\youwobox\skins\youwocommon\msgtip_continue.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mydelete.png
  • %ProgramFiles%\youwobox\skins\youwocommon\msgtip_copy.png
  • %ProgramFiles%\youwobox\skins\youwocommon\msgtip_face2.png
  • %ProgramFiles%\youwobox\skins\youwocommon\msgtip_ok.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mtitle.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mycover.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mydeclare.png
  • %ProgramFiles%\youwobox\skins\youwocommon\minipage.png
  • %ProgramFiles%\youwobox\skins\youwocommon\msgtip_close.png
  • %ProgramFiles%\youwobox\skins\youwocommon\min2.png
  • %ProgramFiles%\youwobox\skins\youwocommon\ln_nav_c.png
  • %ProgramFiles%\youwobox\skins\youwocommon\install_apk.png
  • %ProgramFiles%\youwobox\skins\youwocommon\left_bg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\ln_bg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\ln_navbtn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\ln_nav_a.png
  • %ProgramFiles%\youwobox\skins\youwocommon\ln_nav_b.png
  • %ProgramFiles%\youwobox\skins\youwocommon\loading.png
  • %ProgramFiles%\youwobox\skins\youwocommon\meok.png
  • %ProgramFiles%\youwobox\skins\youwocommon\loadpage.png
  • %ProgramFiles%\youwobox\skins\youwocommon\logo.png
  • %ProgramFiles%\youwobox\skins\youwocommon\main.ico
  • %ProgramFiles%\youwobox\skins\youwocommon\mecancle.png
  • %ProgramFiles%\youwobox\skins\youwocommon\megtip.png
  • %ProgramFiles%\youwobox\skins\youwocommon\menu.png
  • %ProgramFiles%\youwobox\skins\youwocommon\message.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mygametool\bg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mygametool\close.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mygametool\fn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\ques.png
  • %ProgramFiles%\youwobox\skins\youwocommon\radio.png
  • %ProgramFiles%\youwobox\skins\youwocommon\recheck.png
  • %ProgramFiles%\youwobox\skins\youwocommon\refresh.png
  • %ProgramFiles%\youwobox\skins\youwocommon\right_big.png
  • %ProgramFiles%\youwobox\skins\youwocommon\progressbk.png
  • %ProgramFiles%\youwobox\skins\youwocommon\protype.png
  • %ProgramFiles%\youwobox\skins\youwocommon\right_ico.png
  • %ProgramFiles%\youwobox\skins\youwocommon\search_ph.png
  • %ProgramFiles%\youwobox\skins\youwocommon\service.png
  • %ProgramFiles%\youwobox\skins\youwocommon\seting.png
  • %ProgramFiles%\youwobox\skins\youwocommon\settab.png
  • %ProgramFiles%\youwobox\skins\youwocommon\settitle.png
  • %ProgramFiles%\youwobox\skins\youwocommon\search.png
  • %ProgramFiles%\youwobox\skins\youwocommon\search_btn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\progress.png
  • %ProgramFiles%\youwobox\skins\youwocommon\option_main.png
  • %ProgramFiles%\youwobox\skins\youwocommon\opengame.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mygametool\new.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mygametool\remove.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mygametool\tit.png
  • %ProgramFiles%\youwobox\skins\youwocommon\myleft.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mymore.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mypage.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mygametool\navbg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\mypostion.png
  • %ProgramFiles%\youwobox\skins\youwocommon\nav_bg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\nav_hover.png
  • %ProgramFiles%\youwobox\skins\youwocommon\net.png
  • %ProgramFiles%\youwobox\skins\youwocommon\new.png
  • %ProgramFiles%\youwobox\skins\youwocommon\newtag.png
  • %ProgramFiles%\youwobox\skins\youwocommon\ok.png
  • %ProgramFiles%\youwobox\skins\youwocommon\myright.png
  • %ProgramFiles%\youwobox\skins\youwocommon\installgame.png
  • %ProgramFiles%\youwobox\skins\youwocommon\set_menu.png
  • %ProgramFiles%\youwobox\skins\youwocommon\igame.png
  • %ProgramFiles%\youwobox\skins\youwocommon\iconshadow.png
  • %ProgramFiles%\youwobox\skins\youwocommon\cno.png
  • %ProgramFiles%\youwobox\skins\youwocommon\cok.png
  • %ProgramFiles%\youwobox\skins\youwocommon\continupay.png
  • %ProgramFiles%\youwobox\skins\youwocommon\cusclose.png
  • %ProgramFiles%\youwobox\skins\youwocommon\cusmore.png
  • %ProgramFiles%\youwobox\skins\youwocommon\cussmall.png
  • %ProgramFiles%\youwobox\skins\youwocommon\ddele.png
  • %ProgramFiles%\youwobox\skins\youwocommon\downbg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\defaultico.png
  • %ProgramFiles%\youwobox\skins\youwocommon\dlprior.png
  • %ProgramFiles%\youwobox\skins\youwocommon\dl_menu_gray.png
  • %ProgramFiles%\youwobox\skins\youwocommon\dl_menu_hover.png
  • %ProgramFiles%\youwobox\skins\youwocommon\dopen.png
  • %ProgramFiles%\youwobox\skins\youwocommon\down-btb.png
  • %ProgramFiles%\youwobox\skins\youwocommon\close_tag.png
  • %ProgramFiles%\youwobox\skins\youwocommon\customers.png
  • %ProgramFiles%\youwobox\skins\youwocommon\closepage.png
  • %ProgramFiles%\youwobox\skins\youwocommon\canclepay.png
  • %ProgramFiles%\youwobox\skins\youwocommon\back_pl.png
  • %ProgramFiles%\youwobox\skins\youwocommon\big.png
  • %ProgramFiles%\youwobox\skins\youwocommon\bigwarn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\bottom_bg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\cancle.png
  • %ProgramFiles%\youwobox\skins\youwocommon\canclebox.png
  • %ProgramFiles%\youwobox\skins\youwocommon\cancletip.png
  • %ProgramFiles%\youwobox\skins\youwocommon\close2.png
  • %ProgramFiles%\youwobox\skins\youwocommon\capaciity.png
  • %ProgramFiles%\youwobox\skins\youwocommon\chat.png
  • %ProgramFiles%\youwobox\skins\youwocommon\chatnew.png
  • %ProgramFiles%\youwobox\skins\youwocommon\checkbox.png
  • %ProgramFiles%\youwobox\skins\youwocommon\close.png
  • %ProgramFiles%\youwobox\skins\youwocommon\close1.png
  • %ProgramFiles%\youwobox\skins\youwocommon\close3.png
  • %ProgramFiles%\youwobox\skins\youwocommon\downbk.png
  • %ProgramFiles%\youwobox\skins\youwocommon\downing.png
  • %ProgramFiles%\youwobox\skins\youwocommon\downloadmore.png
  • %ProgramFiles%\youwobox\skins\youwocommon\flashloadingbg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\forward.png
  • %ProgramFiles%\youwobox\skins\youwocommon\fresh.png
  • %ProgramFiles%\youwobox\skins\youwocommon\gameback.png
  • %ProgramFiles%\youwobox\skins\youwocommon\gamecover.png
  • %ProgramFiles%\youwobox\skins\youwocommon\fk.png
  • %ProgramFiles%\youwobox\skins\youwocommon\flashloading.png
  • %ProgramFiles%\youwobox\skins\youwocommon\gametag.png
  • %ProgramFiles%\youwobox\skins\youwocommon\help_menu_gray.png
  • %ProgramFiles%\youwobox\skins\youwocommon\home.png
  • %ProgramFiles%\youwobox\skins\youwocommon\homepage.png
  • %ProgramFiles%\youwobox\skins\youwocommon\horn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\hotspot.png
  • %ProgramFiles%\youwobox\skins\youwocommon\game_bg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\help.png
  • %ProgramFiles%\youwobox\skins\youwocommon\finish.png
  • %ProgramFiles%\youwobox\skins\youwocommon\filepath.png
  • %ProgramFiles%\youwobox\skins\youwocommon\expedspeed.png
  • %ProgramFiles%\youwobox\skins\youwocommon\downtab.png
  • %ProgramFiles%\youwobox\skins\youwocommon\down_ads.png
  • %ProgramFiles%\youwobox\skins\youwocommon\drop.png
  • %ProgramFiles%\youwobox\skins\youwocommon\drop_menu.png
  • %ProgramFiles%\youwobox\skins\youwocommon\dstar.png
  • %ProgramFiles%\youwobox\skins\youwocommon\dstop.png
  • %ProgramFiles%\youwobox\skins\youwocommon\downstu.png
  • %ProgramFiles%\youwobox\skins\youwocommon\editborder.png
  • %ProgramFiles%\youwobox\skins\youwocommon\expedbtn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\expeddowning.png
  • %ProgramFiles%\youwobox\skins\youwocommon\expedfree.png
  • %ProgramFiles%\youwobox\skins\youwocommon\expedingbtn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\expedpause.png
  • %ProgramFiles%\youwobox\skins\youwocommon\expedpay.png
  • %ProgramFiles%\youwobox\skins\youwocommon\error_ico.png
  • %ProgramFiles%\youwobox\skins\youwocommon\icon_delete.png
  • %ProgramFiles%\youwobox\skins\youwocommon\set_menu1.png
  • %ProgramFiles%\youwobox\skins\youwocommon\set_menu_gray.png
  • %ProgramFiles%\youwobox\skins\youwocommon\set_menu_hover.png
  • %ProgramFiles%\youwobox\pthreadvc2.dll
  • %ProgramFiles%\youwobox\standby\speed.exe
  • %ProgramFiles%\youwobox\uninst.exe
  • %ProgramFiles%\youwobox\unrar.dll
  • %ProgramFiles%\youwobox\xldl.dll
  • %ProgramFiles%\youwobox\libcurl_ssl_r.dll
  • %ProgramFiles%\youwobox\msvcr100.dll
  • %ProgramFiles%\youwobox\ygbrowser.exe
  • %ProgramFiles%\youwobox\我的游戏.lnk
  • %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\我的游戏.lnk
  • %HOMEPATH%\desktop\游窝游戏盒.lnk
  • %ProgramFiles%\youwobox\log.dat
  • %ProgramFiles%\youwobox\skins\dzzv4.zip
  • %ProgramFiles%\youwobox\youwo.exe
  • %ProgramFiles%\youwobox\youwopc.exe
  • %ProgramFiles%\youwobox\skins\dzzv4\bar.png
  • %ProgramFiles%\youwobox\skins\dzzv4\background.png
  • %ProgramFiles%\youwobox\download\xlcrypto.dll
  • %ProgramFiles%\youwobox\standby\waitback.png
  • %ProgramFiles%\youwobox\7z.dll
  • %ProgramFiles%\youwobox\download\atl71.dll
  • %ProgramFiles%\youwobox\download\dl_lib.dll
  • %ProgramFiles%\youwobox\download\zlib1.dll
  • %ProgramFiles%\youwobox\standby\sleeplowdownlodspeed_text.png
  • %ProgramFiles%\youwobox\libcurl_ssl_d.dll
  • %ProgramFiles%\youwobox\download\dl_peer_id.dll
  • %ProgramFiles%\youwobox\download\msvcp71.dll
  • %ProgramFiles%\youwobox\download\msvcr71.dll
  • %ProgramFiles%\youwobox\download\xlbughandler.dll
  • %ProgramFiles%\youwobox\download\xlbugreport.exe
  • %ProgramFiles%\youwobox\download\download_engine.dll
  • %ProgramFiles%\youwobox\download\minithunderplatform.exe
  • %ProgramFiles%\youwobox\download\minizip.dll
  • %TEMP%\yw_8152.png
  • %ProgramFiles%\youwobox\skins\dzzv4\baryellow.png
  • %ProgramFiles%\youwobox\skins\dzzv4\sleeplowdownlodspeed_ico.png
  • %ProgramFiles%\youwobox\skins\dzzv4\sleeplowdownlodspeed_text.png
  • %ProgramFiles%\youwobox\skins\dzzv4\speed.exe
  • %ProgramFiles%\youwobox\data\imgcache\gametool5.jpg
  • %ProgramFiles%\youwobox\skins\dzzv4\waitclose.png
  • %ProgramFiles%\youwobox\skins\dzzv4\repairnew.png
  • %ProgramFiles%\youwobox\data\imgcache\gametool14.jpg
  • %ProgramFiles%\youwobox\skins\dzzv4\sleeplowdownlodspeed_service.png
  • %ProgramFiles%\youwobox\data\imgcache\gametool8.jpg
  • %ProgramFiles%\youwobox\data\localgametool.json
  • %ProgramFiles%\youwobox\data\gamestart.json
  • %TEMP%\yw_7f3f.png
  • %ProgramFiles%\youwobox\data\unistall.json
  • %ProgramFiles%\youwobox\data\imgcache\gametool3.jpg
  • %ProgramFiles%\youwobox\skins\dzzv4\repair.png
  • %ProgramFiles%\youwobox\data\onlinegametool.json
  • %ProgramFiles%\youwobox\skins\dzzv4\red_closing.png
  • %ProgramFiles%\youwobox\skins\dzzv4\patch.png
  • %ProgramFiles%\youwobox\skins\dzzv4\buynew.png
  • %ProgramFiles%\youwobox\skins\dzzv4\close_redpacket.png
  • %ProgramFiles%\youwobox\skins\dzzv4\customer.png
  • %ProgramFiles%\youwobox\skins\dzzv4\dark1.png
  • %ProgramFiles%\youwobox\skins\dzzv4\dark3.png
  • %ProgramFiles%\youwobox\skins\dzzv4\folder.png
  • %ProgramFiles%\youwobox\skins\dzzv4\installfaild_installhelp.png
  • %ProgramFiles%\youwobox\skins\dzzv4\close.png
  • %ProgramFiles%\youwobox\skins\dzzv4\installfaild_selfinstall.png
  • %ProgramFiles%\youwobox\skins\dzzv4\installfaild_text.png
  • %ProgramFiles%\youwobox\skins\dzzv4\loading.png
  • %ProgramFiles%\youwobox\skins\dzzv4\login.png
  • %ProgramFiles%\youwobox\skins\dzzv4\money_picture.png
  • %ProgramFiles%\youwobox\skins\dzzv4\ok.png
  • %ProgramFiles%\youwobox\standby\sleeplowdownlodspeed_service.png
  • %ProgramFiles%\youwobox\skins\dzzv4\installfaild_service.png
  • %ProgramFiles%\youwobox\standby\start.png
  • %ProgramFiles%\youwobox\standby\sleeplowdownlodspeed_ico.png
  • %ProgramFiles%\youwobox\standby\repairnew.png
  • %ProgramFiles%\youwobox\standby\repair.png
  • %ProgramFiles%\youwobox\skins\youwocommon\tickling.png
  • %ProgramFiles%\youwobox\skins\youwocommon\tray_menu.png
  • %ProgramFiles%\youwobox\skins\youwocommon\tray_menu_hover.png
  • %ProgramFiles%\youwobox\skins\youwocommon\tsbox.png
  • %ProgramFiles%\youwobox\skins\youwocommon\thumbs.db
  • %ProgramFiles%\youwobox\skins\youwocommon\task_menu_hover.png
  • %ProgramFiles%\youwobox\skins\youwocommon\thunderbg.jpg
  • %ProgramFiles%\youwobox\skins\youwocommon\tsbox_btn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\update_tip_btn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\update_tip_check.png
  • %ProgramFiles%\youwobox\skins\youwocommon\warn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\weixin.png
  • %ProgramFiles%\youwobox\skins\youwocommon\tsbox_close.png
  • %ProgramFiles%\youwobox\skins\youwocommon\ts_bottom_bg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\update_tip_bg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\temp.png
  • %ProgramFiles%\youwobox\skins\youwocommon\task_menu_gray.png
  • %ProgramFiles%\youwobox\skins\youwocommon\xiufu_btn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\shaomatip.png
  • %ProgramFiles%\youwobox\skins\youwocommon\share.png
  • %ProgramFiles%\youwobox\skins\youwocommon\small.png
  • %ProgramFiles%\youwobox\skins\youwocommon\star.png
  • %ProgramFiles%\youwobox\skins\youwocommon\starbg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\start.png
  • %ProgramFiles%\youwobox\skins\youwocommon\shadow.png
  • %ProgramFiles%\youwobox\skins\youwocommon\startgame.png
  • %ProgramFiles%\youwobox\skins\youwocommon\staybox.png
  • %ProgramFiles%\youwobox\skins\youwocommon\stop.png
  • %ProgramFiles%\youwobox\skins\youwocommon\tag.png
  • %ProgramFiles%\youwobox\skins\youwocommon\tagbk.png
  • %ProgramFiles%\youwobox\skins\youwocommon\tag_bg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\task_menu.png
  • %ProgramFiles%\youwobox\skins\youwocommon\status.png
  • %ProgramFiles%\youwobox\skins\youwocommon\backpg.png
  • %ProgramFiles%\youwobox\skins\youwocommon\xiufu_ico.png
  • %ProgramFiles%\youwobox\skins\youwocommon\xiufu_btn2.png
  • %ProgramFiles%\youwobox\skins\youwocommon\zxbg.png
  • %ProgramFiles%\youwobox\standby\customer.png
  • %ProgramFiles%\youwobox\standby\dark.png
  • %ProgramFiles%\youwobox\standby\expire-bg.png
  • %ProgramFiles%\youwobox\standby\folder.png
  • %ProgramFiles%\youwobox\standby\baryellow.png
  • %ProgramFiles%\youwobox\standby\loading.png
  • %ProgramFiles%\youwobox\standby\buynew.png
  • %ProgramFiles%\youwobox\standby\money_picture.png
  • %ProgramFiles%\youwobox\standby\open-red.png
  • %ProgramFiles%\youwobox\standby\patch.png
  • %ProgramFiles%\youwobox\standby\red-packet.png
  • %ProgramFiles%\youwobox\standby\red_closing.png
  • %ProgramFiles%\youwobox\standby\login.png
  • %ProgramFiles%\youwobox\skins\youwocommon\thunder.png
  • %ProgramFiles%\youwobox\standby\ok.png
  • %ProgramFiles%\youwobox\standby\buy.png
  • %ProgramFiles%\youwobox\standby\bar.png
  • %ProgramFiles%\youwobox\standby\background.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\back.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\btn_cq.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\btn_ime.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\cxksbtn.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\gbsybtn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\zizhen.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\ksbtn.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\qp_sq.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\screen.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\sqqpbtn.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\sybtn.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\ztbtn.png
  • %ProgramFiles%\youwobox\standby\atlj.png
  • %ProgramFiles%\youwobox\skins\yxphonegame\nav_bg.png
  • %ProgramFiles%\youwobox\standby\atonce-btn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\xztool.png
  • %ProgramFiles%\youwobox\skins\dzzv4\buy.png
  • %ProgramFiles%\youwobox\skins\youwocommon\back.png
  • %ProgramFiles%\youwobox\cache\images\px-right.png
  • %ProgramFiles%\youwobox\cache\box_new\images\jp_ts.png
  • %ProgramFiles%\youwobox\cache\box_new\images\left_nav_bg.jpg
  • %ProgramFiles%\youwobox\cache\box_new\images\left_nav_pl.jpg
  • %ProgramFiles%\youwobox\cache\box_new\images\line_x760.png
  • %ProgramFiles%\youwobox\cache\box_new\images\list_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\list_c_tb.png
  • %ProgramFiles%\youwobox\cache\box_new\images\list_newbg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\loading_down.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\list_pl.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\list_tjbg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\list_zz.png
  • %ProgramFiles%\youwobox\cache\box_new\images\li_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\loader.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\loading.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\jjfa_btn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\list_img.png
  • %ProgramFiles%\youwobox\cache\box_new\images\i_img.png
  • %ProgramFiles%\youwobox\cache\box_new\images\img-wx.png
  • %ProgramFiles%\youwobox\cache\box_new\images\icon_rate_detail (1).png
  • %ProgramFiles%\youwobox\cache\box_new\images\icon_rate_detail.png
  • %ProgramFiles%\youwobox\cache\box_new\images\im-down.png
  • %ProgramFiles%\youwobox\cache\box_new\images\im-tt.png
  • %ProgramFiles%\youwobox\cache\box_new\images\imagezz.png
  • %ProgramFiles%\youwobox\cache\box_new\images\imagezz_yaz.png
  • %ProgramFiles%\youwobox\cache\box_new\images\imgbtn.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\info_pl.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\imgnext_btn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\imgprev_btn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\imgview.png
  • %ProgramFiles%\youwobox\cache\box_new\images\imgview_lbtn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\imgview_rbtn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\indexleft_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\i_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\loading_pz.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\l_bg.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\morefn_pl.png
  • %ProgramFiles%\youwobox\cache\box_new\images\pfsussce.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\pgbg.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\ph_mub.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\pit1.png
  • %ProgramFiles%\youwobox\cache\box_new\images\pit2.png
  • %ProgramFiles%\youwobox\cache\box_new\images\page_pl.png
  • %ProgramFiles%\youwobox\cache\box_new\images\patch_hbg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\pit3.png
  • %ProgramFiles%\youwobox\cache\box_new\images\prev.png
  • %ProgramFiles%\youwobox\cache\box_new\images\prev_page.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\prev_page_hover.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\proimg_yy.png
  • %ProgramFiles%\youwobox\cache\box_new\images\pro_zz.png
  • %ProgramFiles%\youwobox\cache\box_new\images\pit4.png
  • %ProgramFiles%\youwobox\cache\box_new\images\pop-tbg.jpg
  • %ProgramFiles%\youwobox\cache\box_new\images\page_m_btn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\page_button_bg.jpg
  • %ProgramFiles%\youwobox\cache\box_new\images\pageboxdowntitle.png
  • %ProgramFiles%\youwobox\cache\box_new\images\morepx_hover.png
  • %ProgramFiles%\youwobox\cache\box_new\images\more_tb.png
  • %ProgramFiles%\youwobox\cache\box_new\images\nav_hoverbg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\nav_pl.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\new_tb.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\next.png
  • %ProgramFiles%\youwobox\cache\box_new\images\morepx_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\next_page.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\no-patch-img.jpg
  • %ProgramFiles%\youwobox\cache\box_new\images\nosy.png
  • %ProgramFiles%\youwobox\cache\box_new\images\no_game_ts.png
  • %ProgramFiles%\youwobox\cache\box_new\images\no_img.jpg
  • %ProgramFiles%\youwobox\cache\box_new\images\no_img_m.jpg
  • %ProgramFiles%\youwobox\cache\box_new\images\opa75.png
  • %ProgramFiles%\youwobox\cache\box_new\images\next_page_hover.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\icon_keys.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\pstch_icocs.png
  • %ProgramFiles%\youwobox\cache\box_new\images\icon_comm.png
  • %ProgramFiles%\youwobox\cache\box_new\images\icon-right.png
  • %ProgramFiles%\youwobox\cache\box_new\images\120x120.png
  • %ProgramFiles%\youwobox\cache\box_new\images\120x170.png
  • %ProgramFiles%\youwobox\cache\box_new\images\80x80.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\80x80.png
  • %ProgramFiles%\youwobox\cache\box_new\images\a1.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\adbag.png
  • %ProgramFiles%\youwobox\cache\box_new\images\add_next.png
  • %ProgramFiles%\youwobox\cache\box_new\images\bannr_yy.png
  • %ProgramFiles%\youwobox\cache\box_new\images\add_prev.png
  • %ProgramFiles%\youwobox\cache\box_new\images\ad_next.png
  • %ProgramFiles%\youwobox\cache\box_new\images\ad_prev.png
  • %ProgramFiles%\youwobox\cache\box_new\images\ad_scroll_back.png
  • %ProgramFiles%\youwobox\cache\box_new\images\ad_scroll_forward.png
  • %ProgramFiles%\youwobox\cache\box_new\images\b1.gif
  • %ProgramFiles%\youwobox\cache\box_new\gl_item.html
  • %ProgramFiles%\youwobox\cache\box_new\images\adbg_close.png
  • %ProgramFiles%\youwobox\cache\box_new\flash_game_right.html
  • %ProgramFiles%\youwobox\cache\box_new\css\downpage_wl.css
  • %ProgramFiles%\youwobox\cache\box_new\config.ini
  • %ProgramFiles%\youwobox\cache\box_new\config.json
  • %ProgramFiles%\youwobox\cache\box_new\css\box.css
  • %ProgramFiles%\youwobox\cache\box_new\css\boxdown_pl.css
  • %ProgramFiles%\youwobox\cache\box_new\css\box_gl.css
  • %ProgramFiles%\youwobox\cache\box_new\css\downpage.css
  • %ProgramFiles%\youwobox\cache\box_new\css\item.css
  • %ProgramFiles%\youwobox\cache\box_new\css\psearch.css
  • %ProgramFiles%\youwobox\cache\box_new\css\item_dj.css
  • %ProgramFiles%\youwobox\cache\box_new\css\item_fl.css
  • %ProgramFiles%\youwobox\cache\box_new\css\item_sy.css
  • %ProgramFiles%\youwobox\cache\box_new\css\jscrollpane.css
  • %ProgramFiles%\youwobox\cache\box_new\css\normalize.css
  • %ProgramFiles%\youwobox\cache\box_new\css\patch_index.css
  • %ProgramFiles%\youwobox\cache\box_new\css\search_con.css
  • %ProgramFiles%\youwobox\cache\box_new\images\boxitem_img.png
  • %ProgramFiles%\youwobox\cache\box_new\images\box_fimg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\deful_gamehj.png
  • %ProgramFiles%\youwobox\cache\box_new\images\gl_dbtn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\gl_dbtn_sy.png
  • %ProgramFiles%\youwobox\cache\box_new\images\gl_tb.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\go_end.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\go_end_hover.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\game_tj_zz.png
  • %ProgramFiles%\youwobox\cache\box_new\images\gl_dbtn.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\go_star.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\icon-collection1.png
  • %ProgramFiles%\youwobox\cache\box_new\images\icon-collection2.png
  • %ProgramFiles%\youwobox\cache\box_new\images\icon-p.png
  • %ProgramFiles%\youwobox\cache\box_new\images\icon-popclose.png
  • %ProgramFiles%\youwobox\cache\box_new\images\icon-poptit.png
  • %ProgramFiles%\youwobox\cache\box_new\images\go_star_hover.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\hinfo_pl.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\game_pxbtn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\gameinfo_pl.png
  • %ProgramFiles%\youwobox\cache\box_new\images\gameinfo_bg_pl_b.png
  • %ProgramFiles%\youwobox\cache\box_new\images\dj_btn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\dj_more.png
  • %ProgramFiles%\youwobox\cache\box_new\images\dj_more1.png
  • %ProgramFiles%\youwobox\cache\box_new\images\downimg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\downmub.png
  • %ProgramFiles%\youwobox\cache\box_new\images\down_btn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\detail_spt_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\down_btn_loading.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\down_rank_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\down_rank_pl.png
  • %ProgramFiles%\youwobox\cache\box_new\images\error.png
  • %ProgramFiles%\youwobox\cache\box_new\images\fn_tb.png
  • %ProgramFiles%\youwobox\cache\box_new\images\gameinfo_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\gameinfo_bg_pl_a.png
  • %ProgramFiles%\youwobox\cache\box_new\images\down_page_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\icon.png
  • %ProgramFiles%\youwobox\cache\box_new\images\qrod_box_826.png
  • %ProgramFiles%\youwobox\cache\box_new\images\rank_pl.png
  • %ProgramFiles%\youwobox\cache\box_new\images\right_bg.png
  • %ProgramFiles%\youwobox\cache\images\fx-btn.png
  • %ProgramFiles%\youwobox\cache\images\fxcg_bg.png
  • %ProgramFiles%\youwobox\cache\images\gamestartimg.png
  • %ProgramFiles%\youwobox\cache\images\img_loading.gif
  • %ProgramFiles%\youwobox\cache\images\jt-ts.gif
  • %ProgramFiles%\youwobox\cache\images\ck_btn.png
  • %ProgramFiles%\youwobox\cache\images\close-btn.png
  • %ProgramFiles%\youwobox\cache\images\khd-pzimg.png
  • %ProgramFiles%\youwobox\cache\images\left_tool.png
  • %ProgramFiles%\youwobox\cache\images\left_tool_hover.png
  • %ProgramFiles%\youwobox\cache\images\loading.gif
  • %ProgramFiles%\youwobox\cache\images\loading_text.gif
  • %ProgramFiles%\youwobox\cache\images\pl2.png
  • %ProgramFiles%\youwobox\cache\images\left_comment.png
  • %ProgramFiles%\youwobox\cache\images\left_comment_hover.png
  • %ProgramFiles%\youwobox\cache\images\px-noinfo.png
  • %ProgramFiles%\youwobox\cache\images\px-error.png
  • %ProgramFiles%\youwobox\cache\css\peizi.css
  • %ProgramFiles%\youwobox\cache\box_new\layer-v2.1\layer\skin\default\loading-1.gif
  • %ProgramFiles%\youwobox\cache\box_new\layer-v2.1\layer\skin\default\loading-2.gif
  • %ProgramFiles%\youwobox\cache\box_new\layer-v2.1\layer\skin\layer.css
  • %ProgramFiles%\youwobox\cache\box_new\patch.html
  • %ProgramFiles%\youwobox\cache\images\bg.jpg
  • %ProgramFiles%\youwobox\cache\box_new\layer-v2.1\layer\skin\default\icon.png
  • %ProgramFiles%\youwobox\cache\images\bottompz-bg.png
  • %ProgramFiles%\youwobox\cache\box_new\psearch.html
  • %ProgramFiles%\youwobox\cache\box_new\set_url_temp.js
  • %ProgramFiles%\youwobox\cache\box_new\specialgames.json
  • %ProgramFiles%\youwobox\cache\check.html
  • %ProgramFiles%\youwobox\cache\css\gamestart_con.css
  • %ProgramFiles%\youwobox\cache\box_new\search.html
  • %ProgramFiles%\youwobox\cache\box_new\set_swf.js
  • %ProgramFiles%\youwobox\cache\box_new\set_url.js
  • %ProgramFiles%\youwobox\skins\youwocommon\autorunhint\arh_checkbox.png
  • %ProgramFiles%\youwobox\cache\images\px-ok.png
  • %ProgramFiles%\youwobox\cache\loading.html
  • %ProgramFiles%\youwobox\cache\share.html
  • %ProgramFiles%\youwobox\cache\tc.css
  • %ProgramFiles%\youwobox\config.ini
  • %ProgramFiles%\youwobox\data\allgameleft.json
  • %ProgramFiles%\youwobox\cache\js\pztc_con.js
  • %ProgramFiles%\youwobox\download\id.dat
  • %ProgramFiles%\youwobox\cache\loading_con.html
  • %ProgramFiles%\youwobox\mygame.ico
  • %ProgramFiles%\youwobox\skins\youwocommon\allgame.png
  • %ProgramFiles%\youwobox\skins\youwocommon\allgame_btn.png
  • %ProgramFiles%\youwobox\skins\youwocommon\animate.png
  • %ProgramFiles%\youwobox\skins\youwocommon\autorunhint\arh_btn_ok.png
  • %ProgramFiles%\youwobox\maininstancecfg.json
  • %ProgramFiles%\youwobox\cache\js\jquery.1.9.1.min.js
  • %ProgramFiles%\youwobox\skins\youwocommon\aclose.png
  • %ProgramFiles%\youwobox\cache\js\get_con.js
  • %ProgramFiles%\youwobox\cache\images\zzpz.gif
  • %ProgramFiles%\youwobox\cache\images\pz-bg-img.png
  • %ProgramFiles%\youwobox\cache\images\pz-jiao.png
  • %ProgramFiles%\youwobox\cache\images\pz-tc-pl.png
  • %ProgramFiles%\youwobox\cache\images\pzdf-pl.png
  • %ProgramFiles%\youwobox\cache\images\pzwin_close.png
  • %ProgramFiles%\youwobox\cache\images\tb-amd.png
  • %ProgramFiles%\youwobox\cache\images\tb-ati.png
  • %ProgramFiles%\youwobox\cache\images\pz-df.png
  • %ProgramFiles%\youwobox\cache\images\tb-intel.png
  • %ProgramFiles%\youwobox\cache\images\tb-vista.png
  • %ProgramFiles%\youwobox\cache\images\tb-win7.png
  • %ProgramFiles%\youwobox\cache\images\tb-winxp.png
  • %ProgramFiles%\youwobox\cache\images\win-32.png
  • %ProgramFiles%\youwobox\cache\images\win-64.png
  • %ProgramFiles%\youwobox\cache\box_new\layer-v2.1\layer\skin\default\icon-ext.png
  • %ProgramFiles%\youwobox\cache\images\tb-nvidia.png
  • %ProgramFiles%\youwobox\cache\box_new\layer-v2.1\layer\skin\default\loading-0.gif
  • %ProgramFiles%\youwobox\cache\box_new\layer-v2.1\layer\layer.js
  • %ProgramFiles%\youwobox\cache\box_new\js\search1.js
  • %ProgramFiles%\youwobox\cache\box_new\js\search.js
  • %ProgramFiles%\youwobox\cache\box_new\images\title_bom_search.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\tit_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\tit_tb.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\tj_tb.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\title_bg.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\tab_pl.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\title_bom_bg_a.png
  • %ProgramFiles%\youwobox\cache\box_new\images\tj_zz.png
  • %ProgramFiles%\youwobox\cache\box_new\images\tp_bg_c.png
  • %ProgramFiles%\youwobox\cache\box_new\images\ts_bg.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\user.png
  • %ProgramFiles%\youwobox\cache\box_new\images\xx_pl.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\tj_zz_hover.png
  • %ProgramFiles%\youwobox\cache\box_new\images\top_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\tp_bg_b.png
  • %ProgramFiles%\youwobox\cache\box_new\images\tab_pl_b.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\s_tb.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\yanbg.png
  • %ProgramFiles%\youwobox\cache\box_new\images\sbtn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\searchbtn_0707.png
  • %ProgramFiles%\youwobox\cache\box_new\images\search_con_zz.png
  • %ProgramFiles%\youwobox\cache\box_new\images\search_loading.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\search_title_pl.png
  • %ProgramFiles%\youwobox\cache\box_new\images\search_title_tab_.png
  • %ProgramFiles%\youwobox\cache\box_new\images\right_bg_index.png
  • %ProgramFiles%\youwobox\cache\box_new\images\sptit.gif
  • %ProgramFiles%\youwobox\cache\box_new\images\star.png
  • %ProgramFiles%\youwobox\cache\box_new\images\start.png
  • %ProgramFiles%\youwobox\cache\box_new\images\star_off.png
  • %ProgramFiles%\youwobox\cache\box_new\images\star_on.png
  • %ProgramFiles%\youwobox\cache\box_new\images\sydown_btn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\sy_btn.png
  • %ProgramFiles%\youwobox\cache\box_new\images\sptit.png
  • %ProgramFiles%\youwobox\skins\youwocommon\autorunhint\arh_main_text.png
  • %ProgramFiles%\youwobox\cache\box_new\images\zz_pl.png
  • %ProgramFiles%\youwobox\cache\box_new\images\yanbg_small.png
  • %ProgramFiles%\youwobox\cache\box_new\item_newwl.html
  • %ProgramFiles%\youwobox\cache\box_new\js\jquery.cookie.js
  • %ProgramFiles%\youwobox\cache\box_new\js\jquery.jscrollpane.min.js
  • %ProgramFiles%\youwobox\cache\box_new\js\jquery.mousewheel.js
  • %ProgramFiles%\youwobox\cache\box_new\js\jquery.raty.min.js
  • %ProgramFiles%\youwobox\cache\box_new\js\jcarousellite.js
  • %ProgramFiles%\youwobox\cache\box_new\js\lightbox.js
  • %ProgramFiles%\youwobox\cache\box_new\js\jquery.ba-resize.min.js
  • %ProgramFiles%\youwobox\cache\box_new\js\patch_index.js
  • %ProgramFiles%\youwobox\cache\box_new\js\pl.js
  • %ProgramFiles%\youwobox\cache\box_new\js\psearch.js
  • %ProgramFiles%\youwobox\cache\box_new\js\qrcode.min.js
  • %ProgramFiles%\youwobox\cache\box_new\js\responsiveslides.min.js
  • %ProgramFiles%\youwobox\cache\box_new\js\move6.js
  • %ProgramFiles%\youwobox\cache\box_new\images\title_bom_bg.png
  • %ProgramFiles%\youwobox\cache\box_new\js\pinglun.js
  • %ProgramFiles%\youwobox\cache\box_new\js\jquery.1.9.1.min.js
  • %ProgramFiles%\youwobox\cache\box_new\js\i_con.js
  • %ProgramFiles%\youwobox\cache\box_new\js\item_wl.js
  • %ProgramFiles%\youwobox\cache\box_new\item_sy.html
  • %ProgramFiles%\youwobox\cache\box_new\item_wl.html
  • %ProgramFiles%\youwobox\cache\box_new\item_wy.html
  • %ProgramFiles%\youwobox\cache\box_new\js\box2.js
  • %ProgramFiles%\youwobox\cache\box_new\js\box2_noad.js
  • %ProgramFiles%\youwobox\cache\box_new\item_dj.html
  • %ProgramFiles%\youwobox\cache\box_new\js\box2_set.js
  • %ProgramFiles%\youwobox\cache\box_new\js\imagesloaded.pkgd.min.js
  • %ProgramFiles%\youwobox\cache\box_new\js\item_dj.js
  • %ProgramFiles%\youwobox\cache\box_new\js\item_dj1.js
  • %ProgramFiles%\youwobox\cache\box_new\js\item_fl.js
  • %ProgramFiles%\youwobox\cache\box_new\js\item_gl.js
  • %ProgramFiles%\youwobox\cache\box_new\js\item_newwl.js
  • %ProgramFiles%\youwobox\cache\box_new\js\html5.js
  • %ProgramFiles%\youwobox\cache\box_new\js\item_sy.js
  • %ProgramFiles%\youwobox\cache\box_new\index.html
  • %ProgramFiles%\youwobox\data\localsimulatortool.json
Sets the 'hidden' attribute to the following files
  • %ProgramFiles%\youwobox\skins\youwocommon\thumbs.db
Deletes the following files
  • %ProgramFiles%\main.7z
Network activity
Connects to
  • 'gg#.#2kfly.com':443
TCP
HTTP GET requests
  • http://ce####.hz.52kfly.com/count.do?sc##########################################################################################################################################################...
  • http://st####.yxdown.com/js/swfobject.2.2.js
  • http://s3#.#zwgs.com/galileo/836087-ca4c37a2094b685c4bbff5cccde31ce5.jpg
  • http://s3#.#zwgs.com/galileo/836085-e29f42c7f54ab88e98f4056a1e86f928.jpg
  • http://ma###.mediav.com/rtb?ty###################################################################################################################################################################...
  • http://pa###.#ox.yxdown.com/static/js/box_userhome_1126.js?xx
  • http://bo#####ig.yxdown.com/open/yx_yxzx.js
  • http://sh##.#.mediav.com/s?ty#######################################################################################################################################################
  • http://s3.##bdw.com/s?ty#########################################################################################################################################################################...
  • http://s3#.#zwgs.com/galileo/825886-471d40a744f6b5ca34154c531c0190a2.jpg
  • http://s3#.#zwgs.com/galileo/742025-e8443bb4f42cb465fe7c8c41248cd7cd.jpg
  • http://js.###tian001.com/js/c/9484_1817.js
  • http://js.###tian001.com/js/c/9484_1819.js
  • http://i.###fly.com/api/op.ashx/yxdownboxinfo?ve#########
  • http://i.###fly.com/static/js/jquery.1.9.1.min.js
  • http://ne##.7654.com/api/hot/limit/2?qi####
  • http://tt##.#uangsuss.com/image/1b8ce7e7cfc5d48215f4bf8f2e9feb47?im###################
  • http://sh##.#.mediav.com/s?ty######################################################################################################################################################
  • http://cd##.mns3.cn/mini/statics/assets/js/index.js?v=####
  • http://cd##.mns3.cn/mini/statics/common/js/jquery.xDomain.js
  • http://ap#.##owingio.com/v2/88cfd81cb67f3b0f/web/pv?da###########################################################################################################################################...
  • http://cd##.mns3.cn/mini/statics/common/js/jquery.base64.js
  • http://cd##.mns3.cn/mini/statics/common/js/jquery.cookie.js
  • http://as####.giocdn.com/2.1/gio.js
  • http://cd##.mns3.cn/mini/statics/common/js/jquery.min.js
  • http://yx.##mini.cn/mini/index.html?si#########################################
  • http://wc##.#mgouwu.com/Install/image/37_02_1219.gif
  • http://cd##.mns3.cn/mini/statics/assets/images/toggle_nav.png
  • http://cd##.mns3.cn/mini/statics/assets/css/index.css?v=#
  • http://yx.##mini.cn/mini/index.html?si####
  • http://i.###fly.com/static/css/box_userhome_1207.css
  • http://i-#.#xdown.com/2018/1/26/3d1e97a3-2a7e-41f6-bfe0-b02887c4f2aa.jpg
  • http://ap#.##.52kfly.com/open/box/config.do?ve#########################################
  • http://s3#.#zwgs.com/galileo/825698-10ab149d14e66758bae3a0cb26fa9700.jpg
  • http://s3#.#zwgs.com/galileo/820728-424ca381cc945f7d1f9f8ce9a46b427b.jpg
  • http://s3#.#zwgs.com/galileo/834823-2c5c8f6988981fe4c84f62a7b8580448.jpg
  • http://s3#.#zwgs.com/galileo/819320-3ce926c638bce6159c0df96b7124b6a4.jpg
  • http://gg#.#2kfly.com/redirect/box/tanchuang_kw.url?en######
  • http://tt###g.7654.com/image/985a464bab16b395e201d1e6fd727df5?im#############################
  • http://tt###g.7654.com/image/18075c92157e98c615d1a7d3737beae6?im#############################
  • http://tt###g.7654.com/image/8fde0c51222f539455330561ade5d1c3?im#############################
  • http://tt###g.7654.com/image/61738edb50cdbba7a9a5dc7aaad9cf1e?im#############################
  • http://tt###g.7654.com/image/1d5041abd6021596d1d3bc1c2f5451e2?im#############################
  • http://tt###g.7654.com/image/924475f32efc68177542193f8200bfae?im#############################
  • http://tt###g.7654.com/image/dcb6d62484cb009a702a44a988f01e2e?im#############################
  • http://tt###g.7654.com/image/84166c7f2881304af47cdfff9060be6a?im#############################
  • http://tt###g.7654.com/image/7f2ada3c770d6a839467abdf833f356a?im#############################
  • http://i.###fly.com/api/cebian_wdl.aspx
  • http://tt##.#uangsuss.com/image/28fccfafed8bbd33ed5d90a74ef9202c?im###################
  • http://i-#####own.715083.com/2018/4/24/8f4e8688-2994-423c-8268-6687ed5e6479.png?im###############
  • http://i-#####own.715083.com/2016/9/14/8547a5e1-7427-45ec-ae3f-f59a2c6cc246.png?im###############
  • http://i-#.#xdown.com/2016/9/14/8547a5e1-7427-45ec-ae3f-f59a2c6cc246.png
  • http://i-#####own.715083.com/2018/4/24/674ac902-001b-4598-87a3-668644e7874e.png?im###############
  • http://i-#.#xdown.com/2018/4/24/8f4e8688-2994-423c-8268-6687ed5e6479.png
  • http://i-#####own.715083.com/2016/9/14/f2ee6597-3a54-4137-93df-db1322ab72db.png?im###############
  • http://i-#.#xdown.com/2016/9/14/f2ee6597-3a54-4137-93df-db1322ab72db.png
  • http://i.###fly.com/static/images/xx_pl.png
  • http://i-#.#xdown.com/2018/4/24/674ac902-001b-4598-87a3-668644e7874e.png
  • http://ne##.##utiaobashi.com/api/tpop/list_new/bz/1/93/6
  • http://s3#.#zwgs.com/galileo/836087-fcbaec07545100b5fe476f1856733a85.jpg
  • http://s3#.#zwgs.com/galileo/836085-30d1493b0a2fd32bc0860db1fed432ac.jpg
  • http://bo#####ig.yxdown.com/open/yx.pcbox.cebian2.wdl?ca####################
  • http://i.###fly.com/static/images/box_userhomeImg.png
  • http://p1.##imgs3.com/t019454abe38d922dcd.png
  • http://i.###fly.com/static/images/wdl_login_bg.png
  • http://dn###.52kfly.com/yxh/sjsetting.dat
  • http://ap#.##.52kfly.com/open/pc/yxsoft/catalogs/list.json
  • http://oh##.jdypf.com/yxh/img/ding_0115_902.png
  • http://i-#.#xdown.com/2016/4/27/391f8be7-c471-420d-9614-e8b40a549601.png
  • http://i-#.#xdown.com/2018/1/17/a95102e9-c9f8-445f-b85f-34cd7a0b91a2.jpg
  • http://i-#.#xdown.com/2017/10/16/70df536b-6abf-4702-8829-ddc42ced2fe0.png
  • http://i-#.#xdown.com/2018/1/27/378798c4-51a1-41a9-afab-cf6700100231.jpg
  • http://ap#.##.52kfly.com/open/qp/game/list.json?op###############################
  • http://ap#.##.52kfly.com/open/ng/game/list.json?ci##########################################################
  • http://ap#.##.52kfly.com/open/wg/game/list.json?op#############################
  • http://ap#.##.52kfly.com/open/pc/soft/list.json?ci#########################################################
  • http://gg#####.hz.52kfly.com/pinforesults.do?sc#########################################################################################
  • http://kl.##kfly.com/cgi/FavoritesCheckConfiguration.ashx/favoritescheckconfig/getconfig
  • http://oh##.jdypf.com/Install/image/tiepian1107.jpg
  • http://gg.##down.com/gif/fad_close.gif
  • http://i-#####own.715083.com/2016/4/26/ac44e9a2-eca8-4e06-996d-cb1306de423c.png?im###############
  • http://i-#.#xdown.com/2016/4/26/ac44e9a2-eca8-4e06-996d-cb1306de423c.png
  • http://s3#.#zwgs.com/galileo/771595-8a9c86ac120170370ea2e6d13040fa5e.jpg
  • http://i-#.#xdown.com/2018/1/26/c0d29883-bebf-459f-9ea3-782093064866.jpg
  • http://i-#####own.715083.com/2016/6/28/b1abd90b-8bd7-4805-9eb9-aabe23d6fa0e.png?im###############
  • http://i-#.#xdown.com/2016/6/28/b1abd90b-8bd7-4805-9eb9-aabe23d6fa0e.png
  • http://i-#####own.715083.com/2016/4/26/814950eb-6624-474b-87b5-36c13af3df53.png?im###############
  • http://i-#.#xdown.com/2016/4/26/814950eb-6624-474b-87b5-36c13af3df53.png
  • http://i-#.#xdown.com/2016/4/26/e363306b-c40d-4d2a-950d-1e6782334868.png
  • http://dn###.52kfly.com/yxh/paget/setting/msettingv1_yw.json
  • http://hz####ig.52kfly.com/open/new_tiepian.js
  • http://dn###.52kfly.com/yxh/gamestart/dzzv4.zip
  • http://ap#.##.52kfly.com/open/gt/soft/list.json?so#########
  • http://ap#.##.52kfly.com/open/box/config.do?ve############################################
  • http://ap#.##.52kfly.com/open/group/data.json?ke#################################################################################################################################################...
  • http://i.###fly.com/api/op.ashx/login/islogin.js?ca##############################
  • http://us####.hz.52kfly.com/count.do?sc##########################################################################################################################################################...
  • http://dn###.52kfly.com/yxh/game_buy.json
  • http://i-#####own.715083.com/2016/4/27/391f8be7-c471-420d-9614-e8b40a549601.png?im###############
  • http://ss##.mediav.com/s?ty######################################################################################################################################################################...
  • http://i-#.#xdown.com/2019/2/19/298fdf9e-93e0-4597-888e-ad84d3ebbdfc.bmp
  • http://i-#.#xdown.com/2018/1/26/a0bb825d-f2a7-4415-97fa-90ffc4869454.jpg
  • http://eo##.dgygpx.com/yxh/img/91y_0416.jpg
  • http://bl######kgame.52kfly.com/api/Search.ashx/bluestackgame/searchCategory
  • http://oh##.jdypf.com/Install/image/youwheng_1024.png
  • http://ma####.52kfly.com/api/tempip.ashx?ac###############################
  • http://wc##.#mgouwu.com/Install/image/hyrz.png
  • http://wc##.#mgouwu.com/Install/image/jinghong.gif
  • http://wc##.#mgouwu.com/Install/image/hecheng.gif
  • http://i-#####own.715083.com/2018/1/26/3d1e97a3-2a7e-41f6-bfe0-b02887c4f2aa.jpg?im###############
  • http://i-#####own.715083.com/2016/7/7/363927b4-006d-48ea-a9c1-e4c0d7a4281c.jpg?im###############
  • http://i-#####own.715083.com/2018/1/31/14df1341-0e78-48e4-a108-81b61d4a9396.jpg?im###############
  • http://wc##.#mgouwu.com/Install/image/1.76gb.gif
  • http://i-#####own.715083.com/2018/1/26/f5c5593b-23bc-4424-baf4-3728704fe248.jpg?im###############
  • http://wc##.#mgouwu.com/Install/image/wdsj.png
  • http://i-#.#xdown.com/2016/7/7/363927b4-006d-48ea-a9c1-e4c0d7a4281c.jpg
  • http://i-#.#xdown.com/2019/2/15/91e279b2-fa51-434d-8259-45eb993933ff.jpg
  • http://i-#####own.715083.com/2018/1/29/7966e16d-4f69-4a2f-94f9-77f15ce96f21.jpg?im###############
  • http://wc##.#mgouwu.com/Install/image/37_01_1219.gif
  • http://i-#####own.715083.com/2018/1/26/a0bb825d-f2a7-4415-97fa-90ffc4869454.jpg?im###############
  • http://i-#.#xdown.com/2018/1/31/14df1341-0e78-48e4-a108-81b61d4a9396.jpg
  • http://wc##.#mgouwu.com/Install/image/cbtcq.gif
  • http://i-#####own.715083.com/2019/2/15/91e279b2-fa51-434d-8259-45eb993933ff.jpg?im###############
  • http://i-#####own.715083.com/2019/2/19/298fdf9e-93e0-4597-888e-ad84d3ebbdfc.bmp?im###############
  • http://i-#####own.715083.com/2018/1/26/c0d29883-bebf-459f-9ea3-782093064866.jpg?im###############
  • http://wc##.#mgouwu.com/Install/image/hsjn.gif
  • http://i-#####own.715083.com/2017/10/16/70df536b-6abf-4702-8829-ddc42ced2fe0.png?im###############
  • http://i-#.#xdown.com/2018/1/26/f5c5593b-23bc-4424-baf4-3728704fe248.jpg
  • http://i-#.#xdown.com/2018/1/29/7966e16d-4f69-4a2f-94f9-77f15ce96f21.jpg
  • http://i-#####own.715083.com/2018/1/27/378798c4-51a1-41a9-afab-cf6700100231.jpg?im###############
  • http://i-#####own.715083.com/2018/1/17/a95102e9-c9f8-445f-b85f-34cd7a0b91a2.jpg?im###############
  • http://wc##.#mgouwu.com/Install/image/2019tlcq.gif
  • http://wc##.#mgouwu.com/Install/image/37_03_1219.gif
  • http://s3#.#zwgs.com/galileo/820731-877a8e2db025cabc1453a414e134bd20.jpg
HTTP POST requests
  • http://ce####.hz.52kfly.com/count.do?sc##########################################################################################################################################################...
  • http://kl.##kfly.com/cgi/IconDeleteConfiguration.ashx/icondelete/getconfig?sc#################################################################################
  • 's4.#nzz.com':443
  • 'ce####.hz.52kfly.com':443
    • UDP
    • DNS ASK ce####.hz.52kfly.com
    • DNS ASK ne##.##utiaobashi.com
    • DNS ASK sh##.#.mediav.com
    • DNS ASK ne##.7654.com
    • DNS ASK s4.#nzz.com
    • DNS ASK s3#.#zwgs.com
    • DNS ASK ma###.mediav.com
    • DNS ASK s3.##bdw.com
    • DNS ASK pa###.#ox.yxdown.com
    • DNS ASK tt###g.7654.com
    • DNS ASK bo#####ig.yxdown.com
    • DNS ASK s5.#nzz.com
    • DNS ASK tt##.#uangsuss.com
    • DNS ASK st####.yxdown.com
    • DNS ASK im#.#a9t.com
    • DNS ASK p1.##imgs3.com
    • DNS ASK ss##.mediav.com
    • DNS ASK ap#.##owingio.com
    • DNS ASK js.###tian001.com
    • DNS ASK as####.giocdn.com
    • DNS ASK oh##.jdypf.com
    • DNS ASK dn###.52kfly.com
    • DNS ASK ap#.##.52kfly.com
    • DNS ASK us####.hz.52kfly.com
    • DNS ASK hz####ig.52kfly.com
    • DNS ASK i.###fly.com
    • DNS ASK ba##u.com
    • DNS ASK i-#.#xdown.com
    • DNS ASK gg.##down.com
    • DNS ASK yx.##mini.cn
    • DNS ASK i-#####own.715083.com
    • DNS ASK kl.##kfly.com
    • DNS ASK gg#####.hz.52kfly.com
    • DNS ASK wc##.#mgouwu.com
    • DNS ASK eo##.dgygpx.com
    • DNS ASK ma####.52kfly.com
    • DNS ASK bl######kgame.52kfly.com
    • DNS ASK cd##.mns3.cn
    • DNS ASK gg#.#2kfly.com
    Miscellaneous
    Searches for the following windows
    • ClassName: 'MS_AutodialMonitor' WindowName: ''
    • ClassName: 'MS_WebCheckMonitor' WindowName: ''
    Creates and executes the following
    • '%ProgramFiles%\youwobox\youwo.exe'
    • '%ProgramFiles%\youwobox\youwopc.exe' "a0204||½ñÈÕ×ÊѶ|http://yx.##mini.cn/mini/index.html?si###################################################################

    Curing recommendations

    1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
    2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
    Free trial

     

    Download Dr.Web

    Download by serial number

    Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

    Free trial

     

    Download Dr.Web

    Download by serial number

    Download on App Store

    After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

    Free trial

     

    Download Dr.Web

    Download by serial number

    1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
    2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
      • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
      • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
      • Switch off your device and turn it on as normal.

    Find out more about Dr.Web for Android

    Free trial

    14 days

    Download now
    Get it on Google Play