Technical Information
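- [<HKLM>\SYSTEM\ControlSet001\Services\Dcssvr Service12220144172939343] 'Start' = '00000002' (Start = 2 is SERVICE_AUTO_START: the service is started automatically at boot, matching the `start= auto` argument in the `sc create` entries below)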
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\Mnying\Mnying.exe' = '%PROGRAM_FILES%\Mnying\Mnying.exe:*:Enabled:ГАЕ®УЄ' (the rule name 'ГАЕ®УЄ' is GBK-encoded text rendered as Windows-1251; it decodes to 美女营)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\kele\tjjrfx_70745.exe' = '%PROGRAM_FILES%\kele\tjjrfx_70745.exe:*:Enabled:百度卫士在线安装程序'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\kele\tjjrfx_70745.exe' = '%PROGRAM_FILES%\kele\tjjrfx_70745.exe:*:Enabled:百度卫士在线安装程序'
- '%TEMP%\nsyB.tmp\nsD.tmp' sc description "Dcssvr Service12220144172939343" "Dcssvr Service32220144172939343"
- '%TEMP%\nsyB.tmp\nsC.tmp' sc create "Dcssvr Service12220144172939343" displayname= "22220144172939343" binPath= "%PROGRAM_FILES%\ainqngz4.0\Dcsvr.exe" start= auto
- '%PROGRAM_FILES%\ainqngz4.0\fdcard.exe' /s
- '%PROGRAM_FILES%\ainqngz4.0\Ainqngz4.0.exe'
- '%PROGRAM_FILES%\Mnying\Mnying.exe' /A
- '%PROGRAM_FILES%\kele\-8670_360_MM.exe'
- '%PROGRAM_FILES%\kele\tjjrfx_70745.exe'
- '%PROGRAM_FILES%\kele\yunboplayer.exe'
- '%PROGRAM_FILES%\kele\pczh_107_306.exe'
- '<SYSTEM32>\sc.exe' description "Dcssvr Service12220144172939343" "Dcssvr Service32220144172939343"
- '<SYSTEM32>\sc.exe' create "Dcssvr Service12220144172939343" displayname= "22220144172939343" binPath= "%PROGRAM_FILES%\ainqngz4.0\Dcsvr.exe" start= auto
- '<SYSTEM32>\taskkill.exe' /F /im mvhd.exe
- %PROGRAM_FILES%\Mnying\usst.exe
- %TEMP%\nsyB.tmp\NSISdl.dll
- %PROGRAM_FILES%\Mnying\mvyy.exe
- %PROGRAM_FILES%\Mnying\Mnying.exe
- %TEMP%\nsw6.tmp\BDMDownload.dll
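- %PROGRAM_FILES%\Mnying\ГАЕ®УЄ.lnk (name is GBK-encoded text rendered as Windows-1251; decodes to 美女营.lnk)
- %ALLUSERSPROFILE%\Start Menu\Programs\ГАЕ®УЄ\ГАЕ®УЄ.lnk (name is GBK-encoded text rendered as Windows-1251; decodes to 美女营\美女营.lnk)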
- %TEMP%\nsw6.tmp\BDLogicUtils.dll
- %TEMP%\nsw6.tmp\dl.dll
- %TEMP%\nsw6.tmp\hu.dll
- %TEMP%\nsn8.tmp\Mnying.exe
- %TEMP%\nsdA.tmp
- %TEMP%\nsn8.tmp\System.dll
- %HOMEPATH%\Desktop\2345µјєЅ.lnk (name is GBK-encoded text rendered as Windows-1251; decodes to 2345导航.lnk)
- %TEMP%\nsm5.tmp
- %TEMP%\nsw6.tmp\res\onlineWnd.zip
- %TEMP%\nsw6.tmp\BDMSkin.dll
- %TEMP%\nsyB.tmp\System.dll
- %TEMP%\nsyB.tmp\Base64.dll
- %TEMP%\nsw6.tmp\System.dll
- %TEMP%\nsw6.tmp\BDMNetGetInfo.dll
- %HOMEPATH%\Desktop\°®Зй.ЦЗ»Ы.4.0.lnk (name is GBK-encoded text rendered as Windows-1251; decodes to 爱情.智慧.4.0.lnk)
- %TEMP%\nsyB.tmp\Math.dll
- %TEMP%\nsyB.tmp\nsD.tmp
- %TEMP%\nsyB.tmp\nsExec.dll
- %TEMP%\nsyB.tmp\nsC.tmp
- %TEMP%\nsyB.tmp\Inetc.dll
- %HOMEPATH%\AppData\LocalLow\Mnying\Fav9.dat
- %TEMP%\nsyB.tmp\md5dll.dll
- %APPDATA%\zn2220144\min.ini
- %APPDATA%\zn2220144\set.ini
- %HOMEPATH%\Templates\2220144172939343\YYM_955WD30.gif
- %PROGRAM_FILES%\ainqngz4.0\Ainqngz4.0.exe
- %TEMP%\nsw6.tmp\tmppm4bkx.dll
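- %ALLUSERSPROFILE%\Start Menu\Programs\ГАЕ®УЄ\Р¶ФШГАЕ®УЄ.lnk (name is GBK-encoded text rendered as Windows-1251; decodes to 美女营\卸载美女营.lnk)
- %ALLUSERSPROFILE%\Desktop\ГАЕ®УЄ.lnk (name is GBK-encoded text rendered as Windows-1251; decodes to 美女营.lnk)
- %HOMEPATH%\Start Menu\Programs\°®Зй.ЦЗ»Ы.4.0\Р¶ФШ.lnk (name is GBK-encoded text rendered as Windows-1251; decodes to 爱情.智慧.4.0\卸载.lnk)
- %HOMEPATH%\Start Menu\Programs\°®Зй.ЦЗ»Ы.4.0\°®Зй.ЦЗ»Ы.4.0.lnk (name is GBK-encoded text rendered as Windows-1251; decodes to 爱情.智慧.4.0\爱情.智慧.4.0.lnk)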
- %PROGRAM_FILES%\ainqngz4.0\Dcsvr.exe
- %PROGRAM_FILES%\ainqngz4.0\uninstall.exe
- %PROGRAM_FILES%\ainqngz4.0\fdcard.exe
- %HOMEPATH%\Desktop\ЛС№·µјєЅ.lnk (name is GBK-encoded text rendered as Windows-1251; decodes to 搜狗导航.lnk)
- %PROGRAM_FILES%\kele\yunboplayer.exe
- %PROGRAM_FILES%\kele\ЛС№·µјєЅ.url (name is GBK-encoded text rendered as Windows-1251; decodes to 搜狗导航.url)
- %PROGRAM_FILES%\kele\ubohe.db
- %PROGRAM_FILES%\kele\tj.txt
- %PROGRAM_FILES%\kele\tjjrfx_70745.exe
- %PROGRAM_FILES%\kele\uboskin\app\loading.html
- %PROGRAM_FILES%\kele\uboskin\app\loading.swf
- %PROGRAM_FILES%\kele\uboskin\uboplaylist.xml
- %PROGRAM_FILES%\kele\uboskin\config.ini
- %PROGRAM_FILES%\kele\uboskin\icon.ico
- %TEMP%\nsa3.tmp\bank
- %PROGRAM_FILES%\kele\-8670_360_MM.exe
- %TEMP%\nsa3.tmp\NSISdl.dll
- %TEMP%\nsf2.tmp
- %TEMP%\nsa3.tmp\System.dll
- %PROGRAM_FILES%\kele\pczh_107_306.exe
- %PROGRAM_FILES%\kele\sg1.ico
- %PROGRAM_FILES%\kele\link.txt
- %PROGRAM_FILES%\kele\2345µјєЅ.url (name is GBK-encoded text rendered as Windows-1251; decodes to 2345导航.url)
- %PROGRAM_FILES%\kele\ie.ico
- %PROGRAM_FILES%\kele\uboskin\html\gbook.html
- %PROGRAM_FILES%\kele\uboskin\skin\max-1.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\max-2.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\lt.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\logo.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\logo.tif
- %PROGRAM_FILES%\kele\uboskin\skin\tv.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\zb.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\pk.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\menu.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\min.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\Close.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\bf.jpg
- %PROGRAM_FILES%\kele\uboskin\html\logo.gif
- %PROGRAM_FILES%\kele\uboskin\html\loading.html
- %PROGRAM_FILES%\kele\uboskin\html\loading.swf
- %PROGRAM_FILES%\kele\uboskin\skin\hp.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\list.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\dibulan.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\biaotilan.jpg
- %PROGRAM_FILES%\kele\uboskin\skin\bj.jpg
- %TEMP%\nsyB.tmp\Math.dll
- %TEMP%\nsyB.tmp\Inetc.dll
- %TEMP%\nsyB.tmp\Base64.dll
- %TEMP%\nsyB.tmp\md5dll.dll
- %TEMP%\nsyB.tmp\System.dll
- %TEMP%\nsyB.tmp\NSISdl.dll
- %TEMP%\nsyB.tmp\nsExec.dll
- %TEMP%\nsyB.tmp\nsD.tmp
- %TEMP%\nsa3.tmp\System.dll
- %TEMP%\nsa3.tmp\NSISdl.dll
- %TEMP%\nsa3.tmp\bank
- %TEMP%\nsn8.tmp\Mnying.exe
- %TEMP%\nsyB.tmp\nsC.tmp
- %HOMEPATH%\Templates\2220144172939343\YYM_955WD30.gif
- %TEMP%\nsn8.tmp\System.dll
- 'localhost':1047
- 'localhost':1051
- 'pp#.#dsbw.cn':80
- 'localhost':1040
- pp#.#dsbw.cn/app.txt
- DNS ASK we####.baidu.com
- DNS ASK we#.#ny8.com
- DNS ASK tj.###ingzhihui.com
- DNS ASK tj###.mny8.cn
- DNS ASK tv.###ingzhihui.com
- DNS ASK up####.aiqingzhihui.com
- DNS ASK pp#.#dsbw.cn
- DNS ASK tj.##ccms.net
- DNS ASK tj#.mny8.cn
- DNS ASK p.#.#aidu.com
- ClassName: '#32770' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'BDMOnLineWnd' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'