Technical Information
- [<HKLM>\System\CurrentControlSet\Services\mctysem.exe] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\mctysem.exe] 'ImagePath' = '<Full path to file>'
- '<File name>.exe' <Full path to file>
- <Current directory>\clientdata
- %HOMEPATH%\temp\client_cfg
- %APPDATA%\momiaonewinfo\client_cfg
- %HOMEPATH%\temp\a0b11c3d20e3f96g.exe
- 'yu###########43135.cos.ap-chengdu.myqcloud.com':80
- '02.##ngbf.com':80
- 'localhost':49176
- 'localhost':49178
- 'localhost':49181
- 'localhost':49183
- 'ap#.##minsdata.com':80
- http://yu###########43135.cos.ap-chengdu.myqcloud.com/config/updata_confignew
- http://ap#.##minsdata.com/api/manager/device/promote-packages/?sh###########################################
- 'localhost':49176
- 'localhost':49178
- 'localhost':49179
- 'localhost':49181
- 'localhost':49183
- 'localhost':49184
- DNS ASK yu###########43135.cos.ap-chengdu.myqcloud.com
- DNS ASK 02.##ngbf.com
- DNS ASK ap#.##minsdata.com