Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to file>' = '<Full path to file>:*:Enabled:іИЧУдЇААЖч'
- %HOMEPATH%\AppData\LocalLow\KfeExplorer\Cache\SearchUrls.dat
- %TEMP%\_tmp15.bat
- %ALLUSERSPROFILE%\Application Data\chengziie\popset.ini
- %HOMEPATH%\AppData\LocalLow\KfeExplorer\Cache\TypedURLs.dat
- %HOMEPATH%\AppData\LocalLow\KfeExplorer\Cache\Icon\www.baidu.com.ico
- 'localhost':1041
- '12#.#25.114.144':80
- 'cj#.##engziie.com':8900
- http://www.ba##u.com/favicon.ico via 12#.#25.114.144
- DNS ASK cj#.##engziie.com
- DNS ASK ad###.chengziie.com
- DNS ASK www.ba##u.com
- DNS ASK cl####.chengziie.com
- DNS ASK cl###.chengziie.com
- DNS ASK cl#####t.chengziie.com
- DNS ASK cl#####.chengziie.com
- 'cj#.##engziie.com':8899
- 'cl####.chengziie.com':4092
- 'ad###.chengziie.com':4261
- 'cl###.chengziie.com':4091
- 'cl#####t.chengziie.com':4092
- 'cl#####.chengziie.com':4091
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '<Full path to file>' /ache
- '<SYSTEM32>\cmd.exe' /c %TEMP%\_tmp15.bat
- '<SYSTEM32>\sc.exe' stop UI0Detect
- '<SYSTEM32>\sc.exe' config UI0Detect start= disabled