Technical Information
Autorun entries (values under the HKLM Run key; each one loads the named DLL through rundll32.exe at logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CnsMin' = 'Rundll32.exe %WINDIR%\Downloaded Program Files\CnsMin.dll,Rundll32'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'helper.dll' = '<SYSTEM32>\rundll32.exe %PROGRAM_FILES%\3721\helper.dll,Rundll32'
- <SYSTEM32>\aclayer.exe
- <SYSTEM32>\rundll32.exe %WINDIR%\Downloaded Program Files\CnsMin.dll,Rundll32
- <SYSTEM32>\rundll32.exe %PROGRAM_FILES%\3721\helper.dll,Rundll32
- %PROGRAM_FILES%\yisou\YInst\yisou\a0.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\2.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\6.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\4.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\a1.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\profcn.ini
- %PROGRAM_FILES%\yisou\YInst\yisou\proftw.ini
- %PROGRAM_FILES%\yisou\YInst\yisou\prodef.ini
- %PROGRAM_FILES%\yisou\YInst\yisou\1.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\3.bmp
- %PROGRAM_FILES%\yisou\yisou.dll
- %PROGRAM_FILES%\yisou\install.cab
- %PROGRAM_FILES%\yisou\yisous.dll
- %PROGRAM_FILES%\3721\Assist\Coolbar\profile.ini
- %PROGRAM_FILES%\3721\Assist\assist.dll
- %PROGRAM_FILES%\yisou\YInst\yisou\5.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\7.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\logo.bmp
- %PROGRAM_FILES%\yisou\YInst\minib.dll
- %PROGRAM_FILES%\yisou\YInst\yisou\profile.ini
- %PROGRAM_FILES%\yisou\YInst\yisou\prodefcn.ini
- %PROGRAM_FILES%\yisou\yisou\prodefcn.ini
- %PROGRAM_FILES%\yisou\yisou\prodeftw.ini
- %PROGRAM_FILES%\yisou\yisou\prodef.ini
- %PROGRAM_FILES%\yisou\yisou\a1.bmp
- %PROGRAM_FILES%\yisou\yisou\logo.bmp
- %PROGRAM_FILES%\yisou\yisoub.dll
- %WINDIR%\Downloaded Program Files\CnsMin.dll
- %PROGRAM_FILES%\yisou\yisou\proftw.ini
- %PROGRAM_FILES%\yisou\yisou\profcn.ini
- %PROGRAM_FILES%\yisou\yisou\profile.ini
- %PROGRAM_FILES%\yisou\yisou\2.bmp
- %PROGRAM_FILES%\yisou\yisou\3.bmp
- %PROGRAM_FILES%\yisou\yisou\1.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\prodeftw.ini
- %PROGRAM_FILES%\yisou\minib.dll
- %PROGRAM_FILES%\yisou\yisou\7.bmp
- %PROGRAM_FILES%\yisou\yisou\a0.bmp
- %PROGRAM_FILES%\yisou\yisou\6.bmp
- %PROGRAM_FILES%\yisou\yisou\4.bmp
- %PROGRAM_FILES%\yisou\yisou\5.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\prodef.ini
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\1.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\10.bmp
- %PROGRAM_FILES%\3721\Assist\coolbar.cab
- %PROGRAM_FILES%\3721\Helper.dll
- %PROGRAM_FILES%\3721\Assist\asbar.dll
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\4.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\5.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\3.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\11.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\2.bmp
- <SYSTEM32>\aclayer.exe
- %PROGRAM_FILES%\3721\AutoLive.dll
- %TEMP%\nsm3.tmp\System.dll
- %TEMP%\nsh2.tmp
- %TEMP%\nsm3.tmp\wmpns.dll
- %PROGRAM_FILES%\3721\3721\cns01.dat
- %PROGRAM_FILES%\3721\cns01.dat
- %PROGRAM_FILES%\3721\3721\Helper.dll
- %TEMP%\nsf5.tmp
- %PROGRAM_FILES%\3721\i3721res.dat
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\6.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\5.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\6.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\4.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\2.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\3.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\custom.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\Logo.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\9.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\7.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\8.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\custom.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\Logo.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\9.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\7.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\8.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\10.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\11.bmp
- %PROGRAM_FILES%\3721\Assist\Coolbar\1.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\prodef.ini
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\profile.ini
- %PROGRAM_FILES%\yisou\YInst\yisou\6.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\5.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\a0.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\7.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\4.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\1.bmp
- %PROGRAM_FILES%\yisou\YInst\minib.dll
- %PROGRAM_FILES%\yisou\YInst\yisou\3.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\2.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\a1.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\proftw.ini
- %PROGRAM_FILES%\yisou\YInst\yisou\profile.ini
- %TEMP%\nsm3.tmp\System.dll
- %PROGRAM_FILES%\yisou\install.cab
- %PROGRAM_FILES%\yisou\YInst\yisou\profcn.ini
- %PROGRAM_FILES%\yisou\YInst\yisou\prodef.ini
- %PROGRAM_FILES%\yisou\YInst\yisou\logo.bmp
- %PROGRAM_FILES%\yisou\YInst\yisou\prodeftw.ini
- %PROGRAM_FILES%\yisou\YInst\yisou\prodefcn.ini
- %PROGRAM_FILES%\3721\Assist\coolbar.cab
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\11.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\10.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\3.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\2.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\1.bmp
- %PROGRAM_FILES%\3721\3721\cns01.dat
- %TEMP%\nsm3.tmp\wmpns.dll
- %PROGRAM_FILES%\3721\i3721res.dat
- %PROGRAM_FILES%\3721\3721\Helper.dll
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\4.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\Logo.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\custom.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\profile.ini
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\prodef.ini
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\9.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\6.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\5.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\8.bmp
- %PROGRAM_FILES%\3721\Assist\3721\Coolbar\7.bmp
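Window class / window title pairs referenced by the sample ('#32770' is the standard Windows dialog class; 'Shell_TrayWnd' is the taskbar window):
- ClassName: '#32770' WindowName: '3721Helper_CNS'
- ClassName: 'Shell_TrayWnd' WindowName: ''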