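Technical Information
The registry entries listed first set the default `shell\open\command` value for the http, https and ftp protocol classes and for the htmlfile, mhtmlfile and InternetShortcut classes to SaaYaa.exe, so links and HTML documents open in that program. The Clients\StartMenuInternet entry registers it as a browser client.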
- [<HKLM>\SOFTWARE\Classes\https\shell\open\command] '' = '"%ProgramFiles%\SaaYaa\SaaYaa.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ftp\shell\open\command] '' = '"%ProgramFiles%\SaaYaa\SaaYaa.exe" "%1"'
- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\SaaYaa.exe\shell\open\command] '' = '"%ProgramFiles%\SaaYaa\SaaYaa.exe"'
- [<HKLM>\SOFTWARE\Classes\HTTP\shell\open\command] '' = '"%ProgramFiles%\SaaYaa\SaaYaa.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\htmlfile\shell\open\command] '' = '"%ProgramFiles%\SaaYaa\SaaYaa.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\InternetShortcut\shell\open\command] '' = '"%ProgramFiles%\SaaYaa\SaaYaa.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\mhtmlfile\shell\open\command] '' = '"%ProgramFiles%\SaaYaa\SaaYaa.exe" "%1"'
- '%ProgramFiles%\SaaYaa\SaaYaa.exe'
- '%ProgramFiles%\SaaYaa\SaaYaa.exe' "SetDefaultExplorer-1"
- %ProgramFiles%\SaaYaa\data\22.tmp
- %ProgramFiles%\SaaYaa\data\21.tmp
- %ProgramFiles%\SaaYaa\data\20.tmp
- %ProgramFiles%\SaaYaa\data\24.tmp
- %ProgramFiles%\SaaYaa\data\26.tmp
- %ProgramFiles%\SaaYaa\data\25.tmp
- %ProgramFiles%\SaaYaa\data\23.tmp
- %ProgramFiles%\SaaYaa\data\1B.tmp
- %ProgramFiles%\SaaYaa\data\1A.tmp
- %ProgramFiles%\SaaYaa\data\19.tmp
- %ProgramFiles%\SaaYaa\data\1C.tmp
- %ProgramFiles%\SaaYaa\data\1E.tmp
- %ProgramFiles%\SaaYaa\data\1F.tmp
- %ProgramFiles%\SaaYaa\data\1D.tmp
- %ProgramFiles%\SaaYaa\data\27.tmp
- %ProgramFiles%\SaaYaa\data\2C.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\saayaa[1].html
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\saayaa[1].xml
- %ProgramFiles%\SaaYaa\data\2B.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\favicon[1].ico
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\favicon[2].ico
- %ProgramFiles%\SaaYaa\data\2D.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\smarturls[1].xml
- %ProgramFiles%\SaaYaa\data\29.tmp
- %ProgramFiles%\SaaYaa\data\28.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\ServerTime[1].aspx
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\saayaa[1].xml
- %ProgramFiles%\SaaYaa\data\2A.tmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\saayaa2[1].xml
- %ProgramFiles%\SaaYaa\data\6.tmp
- %ProgramFiles%\SaaYaa\data\5.tmp
- %ProgramFiles%\SaaYaa\data\4.tmp
- %ProgramFiles%\SaaYaa\data\7.tmp
- %ProgramFiles%\SaaYaa\data\A.tmp
- %ProgramFiles%\SaaYaa\data\9.tmp
- %ProgramFiles%\SaaYaa\data\8.tmp
- %ProgramFiles%\SaaYaa\Uninstall.exe
- %ProgramFiles%\SaaYaa\SaaYaa.exe
- %TEMP%\nsd2.tmp
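- %HOMEPATH%\Start Menu\Programs\ЙБУОдЇААЖч\Р¶ФШЙБУОдЇААЖч.lnk
- %HOMEPATH%\Desktop\ИнГЅ - ЙБУОдЇААЖч.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\ИнГЅ - ЙБУОдЇААЖч.lnk
- %HOMEPATH%\Start Menu\Programs\ЙБУОдЇААЖч\ИнГЅ - ЙБУОдЇААЖч.lnk
  (The non-ASCII names in the four shortcut paths above appear to be GBK-encoded Chinese text displayed as Windows-1251: ЙБУОдЇААЖч decodes to 闪游浏览器, Р¶ФШЙБУОдЇААЖч to 卸载闪游浏览器, and ИнГЅ to 软媒. On a host with a Chinese ANSI code page the shortcuts would likely carry the decoded names, so searches should cover both forms.)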
- %ProgramFiles%\SaaYaa\data\bak\favorite.2.2.2.0.dat
- %ProgramFiles%\SaaYaa\data\14.tmp
- %ProgramFiles%\SaaYaa\data\13.tmp
- %ProgramFiles%\SaaYaa\data\12.tmp
- %ProgramFiles%\SaaYaa\data\15.tmp
- %ProgramFiles%\SaaYaa\data\18.tmp
- %ProgramFiles%\SaaYaa\data\17.tmp
- %ProgramFiles%\SaaYaa\data\16.tmp
- %ProgramFiles%\SaaYaa\data\D.tmp
- %ProgramFiles%\SaaYaa\data\C.tmp
- %ProgramFiles%\SaaYaa\data\B.tmp
- %ProgramFiles%\SaaYaa\data\E.tmp
- %ProgramFiles%\SaaYaa\data\10.tmp
- %ProgramFiles%\SaaYaa\data\11.tmp
- %ProgramFiles%\SaaYaa\data\F.tmp
- %TEMP%\nse3.tmp\System.dll
- %TEMP%\nse3.tmp\processwork.dll
- from %ProgramFiles%\SaaYaa\data\1E.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\21.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\22.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\24.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\20.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\19.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\1A.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\1B.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\1F.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\1C.tmp to %ProgramFiles%\SaaYaa\data\visited.dat
- from %ProgramFiles%\SaaYaa\data\2A.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\29.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\2C.tmp to %ProgramFiles%\SaaYaa\data\visited.dat
- from %ProgramFiles%\SaaYaa\data\2D.tmp to %ProgramFiles%\SaaYaa\data\forms.dat
- from %ProgramFiles%\SaaYaa\data\2B.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\25.tmp to %ProgramFiles%\SaaYaa\data\visited.dat
- from %ProgramFiles%\SaaYaa\data\23.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\26.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\28.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\27.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\18.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\A.tmp to %ProgramFiles%\SaaYaa\data\Download.dat
- from %ProgramFiles%\SaaYaa\data\9.tmp to %ProgramFiles%\SaaYaa\data\favorite.dat
- from %ProgramFiles%\SaaYaa\data\B.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\D.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\C.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\5.tmp to %ProgramFiles%\SaaYaa\data\visited.dat
- from %ProgramFiles%\SaaYaa\data\4.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\6.tmp to %ProgramFiles%\SaaYaa\data\favorite.dat
- from %ProgramFiles%\SaaYaa\data\8.tmp to %ProgramFiles%\SaaYaa\data\favorite.dat
- from %ProgramFiles%\SaaYaa\data\7.tmp to %ProgramFiles%\SaaYaa\data\favorite.dat
- from %ProgramFiles%\SaaYaa\data\14.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\13.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\15.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\17.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\16.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\F.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\E.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\11.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\12.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- from %ProgramFiles%\SaaYaa\data\10.tmp to %ProgramFiles%\SaaYaa\data\config2.dat
- %ProgramFiles%\SaaYaa\data\config2.dat
- 'i.###nmei.com':80
- 'www.66##.com':80
- 'localhost':1039
- 'www.sa##aa.com':80
- http://www.sa##aa.com/upgrade/saayaa.xml?r=######
- http://www.66##.com/saayaa.html
- http://www.66##.com/favicon.ico
- http://www.sa##aa.com/upgrade/smarturls.xml?r=######
- http://i.###nmei.com/ServerTime.aspx?r=######
- http://www.sa##aa.com/upgrade/saayaa2.xml?r=######
- DNS ASK www.66##.com
- DNS ASK i.###nmei.com
- DNS ASK www.sa##aa.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'SaaYaa' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''