Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Menology' = '%APPDATA%\Menology\MenologyBox.exe /start'
- [<HKLM>\SYSTEM\ControlSet001\Services\Energys Service152014494853187] 'Start' = '00000002'
- '%TEMP%\nsn6.tmp\ns8.tmp' sc description "Energys Service152014494853187" "Energys Service352014494853187"
- '%TEMP%\nsn6.tmp\ns7.tmp' sc create "Energys Service152014494853187" displayname= "252014494853187" binPath= "%PROGRAM_FILES%\ainqngz4.7\energy.exe" start= auto
- '%PROGRAM_FILES%\ainqngz4.7\kinetic.exe' /s/s
- '%PROGRAM_FILES%\ainqngz4.7\Ainqngz4.7.exe'
- '%APPDATA%\Menology\MenologyQuick.exe' MenologyQuick
- '%PROGRAM_FILES%\wannengrili\calendar_s[127].exe'
- '%PROGRAM_FILES%\wannengrili\pczh_107_1.exe'
- '%APPDATA%\Menology\MenologyBox.exe' /install
- '%PROGRAM_FILES%\wannengrili\yunboplayer.exe'
- '<SYSTEM32>\sc.exe' description "Energys Service152014494853187" "Energys Service352014494853187"
- '<SYSTEM32>\sc.exe' create "Energys Service152014494853187" displayname= "252014494853187" binPath= "%PROGRAM_FILES%\ainqngz4.7\energy.exe" start= auto
- %ALLUSERSPROFILE%\Desktop\?nEO»?Au.lnk
- %HOMEPATH%\My Documents\Menology\config\soft.inf
- %APPDATA%\Menology\Skins\yun.png
- %APPDATA%\Menology\Uninst.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\active[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\tongji0623[1].php
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\?nEO»?Au.lnk
- %TEMP%\nsn6.tmp\NSISdl.dll
- %APPDATA%\Menology\Skins\Search\la_focus.png
- %APPDATA%\Menology\Skins\Search\la_select.png
- %APPDATA%\Menology\Skins\Mini\min.png
- %APPDATA%\Menology\Skins\Search\bg_icon.png
- %APPDATA%\Menology\Skins\set.png
- %APPDATA%\Menology\Skins\small_bg.png
- %APPDATA%\Menology\Skins\Search\left.png
- %APPDATA%\Menology\Skins\Search\right.png
- %TEMP%\nsn6.tmp\ns7.tmp
- %TEMP%\nsn6.tmp\ns8.tmp
- %HOMEPATH%\Start Menu\Programs\爱情.智慧.4.7\爱情.智慧.4.7.lnk
- %TEMP%\nsn6.tmp\nsExec.dll
- %TEMP%\nsn6.tmp\md5dll.dll
- %TEMP%\nsn6.tmp\Inetc.dll
- %HOMEPATH%\Desktop\爱情.智慧.4.7.lnk
- %TEMP%\nsn6.tmp\Math.dll
- %HOMEPATH%\Templates\52014494853187\YYM_955WD30.gif
- %PROGRAM_FILES%\ainqngz4.7\Ainqngz4.7.exe
- %HOMEPATH%\My Documents\Menology\config\Assist\cybercafe.conf
- %HOMEPATH%\My Documents\Menology\config\Assist\mnconf.conf
- %PROGRAM_FILES%\ainqngz4.7\energy.exe
- %HOMEPATH%\Start Menu\Programs\爱情.智慧.4.7\卸载.lnk
- %PROGRAM_FILES%\ainqngz4.7\uninstall.exe
- %PROGRAM_FILES%\ainqngz4.7\kinetic.exe
- %APPDATA%\Menology\Skins\Mini\close.png
- %TEMP%\nsn6.tmp\Base64.dll
- %TEMP%\nsn6.tmp\System.dll
- %PROGRAM_FILES%\wannengrili\uboskin\config.ini
- %TEMP%\nsh5.tmp
- %APPDATA%\Menology\config\TipsConfig.ini
- %APPDATA%\Menology\config\TitleConfig.ini
- %APPDATA%\Menology\AssistModule.dll
- %APPDATA%\Menology\config\SearchConfig.ini
- %TEMP%\nsb3.tmp\NSISdl.dll
- %TEMP%\nsb3.tmp\oper
- %TEMP%\nsr2.tmp
- %TEMP%\nsb3.tmp\System.dll
- %PROGRAM_FILES%\wannengrili\tj.txt
- %PROGRAM_FILES%\wannengrili\yunboplayer.exe
- %PROGRAM_FILES%\wannengrili\calendar_s[127].exe
- %PROGRAM_FILES%\wannengrili\pczh_107_1.exe
- %APPDATA%\Menology\Skins\Menu\menuright.png
- %APPDATA%\Menology\Skins\Menu\menurmark.png
- %APPDATA%\Menology\Skins\life.png
- %APPDATA%\Menology\Skins\line.png
- %APPDATA%\Menology\Skins\Menu\menu_bg.png
- %APPDATA%\Menology\Skins\Mini\bakground.png
- %APPDATA%\Menology\Skins\Menu\menuselectbar.png
- %APPDATA%\Menology\Skins\Menu\menuseparator.png
- %APPDATA%\Menology\Disconnect\disconnect.jpg
- %APPDATA%\Menology\MenologyBox.exe
- %APPDATA%\Menology\data\data.bin
- %APPDATA%\Menology\Disconnect\disconnect.html
- %APPDATA%\Menology\Skins\game.png
- %APPDATA%\Menology\Skins\joke.png
- %APPDATA%\Menology\MenologyQuick.exe
- %APPDATA%\Menology\Skins\bk.png
- %TEMP%\nsn6.tmp\Math.dll
- %TEMP%\nsn6.tmp\Inetc.dll
- %TEMP%\nsn6.tmp\Base64.dll
- %TEMP%\nsn6.tmp\md5dll.dll
- %TEMP%\nsn6.tmp\System.dll
- %TEMP%\nsn6.tmp\NSISdl.dll
- %TEMP%\nsn6.tmp\nsExec.dll
- %TEMP%\nsb3.tmp\System.dll
- %TEMP%\nsb3.tmp\oper
- %TEMP%\nsb3.tmp\NSISdl.dll
- %HOMEPATH%\My Documents\Menology\config\Assist\cybercafe.conf
- %TEMP%\nsn6.tmp\ns8.tmp
- %TEMP%\nsn6.tmp\ns7.tmp
- %HOMEPATH%\Templates\52014494853187\YYM_955WD30.gif
- 'tj.##ccms.net':80
- 'hl.###gren123.com':80
- 'localhost':1052
- 'm.####ren123.com':80
- 'localhost':1040
- 'so###.dllst.cn':80
- 'localhost':1046
- 'localhost':1041
- m.####ren123.comhttp://m.wangren123.com/config/process/cybercafe.xml
- m.####ren123.comhttp://m.wangren123.com/config/norfig/127.xml
- tj.##ccms.net/tongji0623.php?fl######################################################################################################################
- so###.dllst.cn/app.txt
- hl.###gren123.com/tj/active.html?ti#############
- DNS ASK in#.###ol.sina.com.cn
- DNS ASK www.ip##8.com
- DNS ASK tv.###ingzhihui.com
- DNS ASK to####.aiqingzhihui.com
- DNS ASK up####.aiqingzhihui.com
- DNS ASK hl.###gren123.com
- DNS ASK so###.dllst.cn
- DNS ASK tj.##ccms.net
- DNS ASK m.####ren123.com
- '11#.#8.23.196':3201
- ClassName: '#32770' WindowName: '????????'
- ClassName: '#32770' WindowName: '????????????????'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'