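Technical Information
Note: the section headings of this report appear to have been lost in extraction. In order, the entries below appear to cover: a registry change (the shell "open" command for the goodPic class), launched processes, files created, a repeated subset of those files (possibly files that were later deleted), file moves ("from … to …"), network endpoints and DNS queries, and window class/title lookups. The `#` characters in host names and addresses appear to be masking applied by the report's publisher, so those values are partial and cannot be used as exact-match indicators.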
- [<HKLM>\SOFTWARE\Classes\goodPic\shell\open\command] '' = '"%APPDATA%\Roaming\goodPic\goodPicAp.exe" "%1"'
- '%TEMP%\is-BE6AI.tmp\goodPic_setup_612.tmp' /SL5="$40018,2481881,117760,%PROGRAM_FILES%\999999\goodPic_setup_612.exe" /verysilent
- '%APPDATA%\Roaming\goodPic\goodPicAp.exe' /setup_s
- '%PROGRAM_FILES%\999999\goodPic_setup_612.exe' /verysilent
- '%PROGRAM_FILES%\999999\goodpic_dae_612.exe'
- '%PROGRAM_FILES%\999999\goder.exe'
- '<SYSTEM32>\DllHost.exe' /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
- %APPDATA%\Roaming\goodPic\config\CfgTmp.zip
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\dnserrordiagoff_webOC[1]
- %APPDATA%\Roaming\goodPic\top_box.bmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\cfgPicture[1].zip
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\httpErrorPagesScripts[1]
- %APPDATA%\Roaming\goodPic\config\hlib_index.db-journal
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\ErrorPageTemplate[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\errorPageStrings[1]
- %APPDATA%\Roaming\goodPic\meinvGo.url
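- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\goodPic\Uninstall їН»§¶Л.lnk (the garbled part of the name appears to be GBK-encoded "客户端", i.e. "client", rendered through a Cyrillic code page; the on-disk name may differ by system locale)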
- %APPDATA%\Roaming\goodPic\unins000.dat
- %APPDATA%\Roaming\goodPic\plugins\is-6D615.tmp
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\goodPic\goodPic Player.lnk
- %APPDATA%\Roaming\goodPic\config\partner.ini
- %APPDATA%\Roaming\goodPic\config\profile.cfg
- %APPDATA%\Roaming\goodPic\config\config.ini
- %HOMEPATH%\Desktop\goodPic Player.lnk
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\errorPageStrings[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\httpErrorPagesScripts[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\navcancl[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\ErrorPageTemplate[2]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\background_gradient[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\get[1].asp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\info_48[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\bullet[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\down[1]
- %APPDATA%\Roaming\goodPic\config\hlib_block.db
- %APPDATA%\Roaming\goodPic\config\hlib_pcrc.db-journal
- %APPDATA%\Roaming\goodPic\config\hlib_index.db
- %APPDATA%\Roaming\goodPic\config\hlib_block.db-journal
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\background_gradient[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\bullet[1]
- %APPDATA%\Roaming\goodPic\config\hlib_pcrc.db
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\info_48[1]
- %TEMP%\is-90BI3.tmp\setup.jpg
- %TEMP%\is-90BI3.tmp\left_box.bmp
- %TEMP%\is-90BI3.tmp\jpg2bmp.dll
- %TEMP%\is-90BI3.tmp\MgRecommend.dll
- %TEMP%\is-90BI3.tmp\top_box.bmp
- %APPDATA%\Roaming\goodPic\is-U516V.tmp
- %TEMP%\is-90BI3.tmp\top_box.jpg
- %TEMP%\is-90BI3.tmp\setup.bmp
- %TEMP%\is-90BI3.tmp\_isetup\_shfoldr.dll
- %TEMP%\nsdC8AD.tmp\NSISdl.dll
- %PROGRAM_FILES%\999999\goder.exe
- %TEMP%\nsdC8AC.tmp
- %TEMP%\nsdC8AD.tmp\System.dll
- %TEMP%\is-BE6AI.tmp\goodPic_setup_612.tmp
- %TEMP%\is-90BI3.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\999999\goodpic_dae_612.exe
- %PROGRAM_FILES%\999999\goodPic_setup_612.exe
- %APPDATA%\Roaming\goodPic\is-ER72L.tmp
- %APPDATA%\Roaming\goodPic\is-T73KV.tmp
- %APPDATA%\Roaming\goodPic\is-CQ1B7.tmp
- %APPDATA%\Roaming\goodPic\is-0NP88.tmp
- %APPDATA%\Roaming\goodPic\config\is-BF1QP.tmp
- %APPDATA%\Roaming\goodPic\plugins\is-DC8OL.tmp
- %APPDATA%\Roaming\goodPic\is-LUFNP.tmp
- %APPDATA%\Roaming\goodPic\is-UE6A2.tmp
- %APPDATA%\Roaming\goodPic\is-8CB72.tmp
- %APPDATA%\Roaming\goodPic\is-4JPQ0.tmp
- %APPDATA%\Roaming\goodPic\is-OQKDG.tmp
- %APPDATA%\Roaming\goodPic\is-95V9H.tmp
- %APPDATA%\Roaming\goodPic\is-MSMPI.tmp
- %APPDATA%\Roaming\goodPic\is-N22IQ.tmp
- %APPDATA%\Roaming\goodPic\is-VBOOF.tmp
- %APPDATA%\Roaming\goodPic\is-SMR55.tmp
- %APPDATA%\Roaming\goodPic\is-64DAN.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\ErrorPageTemplate[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\errorPageStrings[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\httpErrorPagesScripts[1]
- %APPDATA%\Roaming\goodPic\config\hlib_index.db-journal
- %APPDATA%\Roaming\goodPic\config\hlib_block.db-journal
- %APPDATA%\Roaming\goodPic\config\hlib_pcrc.db-journal
- %PROGRAM_FILES%\999999\goder.exe
- %TEMP%\nsdC8AD.tmp\NSISdl.dll
- %TEMP%\nsdC8AD.tmp\System.dll
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\info_48[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\bullet[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\background_gradient[1]
- %APPDATA%\Roaming\goodPic\config\profile.cfg
- %TEMP%\is-90BI3.tmp\MgRecommend.dll
- %TEMP%\is-90BI3.tmp\setup.bmp
- %TEMP%\is-90BI3.tmp\setup.jpg
- %APPDATA%\Roaming\goodPic\goodPic.exe
- %TEMP%\is-90BI3.tmp\jpg2bmp.dll
- %TEMP%\is-90BI3.tmp\left_box.bmp
- %TEMP%\is-90BI3.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-BE6AI.tmp\goodPic_setup_612.tmp
- %PROGRAM_FILES%\999999\goodPic_setup_612.exe
- %TEMP%\is-90BI3.tmp\top_box.bmp
- %TEMP%\is-90BI3.tmp\top_box.jpg
- %TEMP%\is-90BI3.tmp\_isetup\_RegDLL.tmp
- from %APPDATA%\Roaming\goodPic\is-T73KV.tmp to %APPDATA%\Roaming\goodPic\msvcr71.dll
- from %APPDATA%\Roaming\goodPic\is-LUFNP.tmp to %APPDATA%\Roaming\goodPic\ppxa.dll
- from %APPDATA%\Roaming\goodPic\is-ER72L.tmp to %APPDATA%\Roaming\goodPic\msvcr110.dll
- from %APPDATA%\Roaming\goodPic\is-CQ1B7.tmp to %APPDATA%\Roaming\goodPic\msvcp110.dll
- from %APPDATA%\Roaming\goodPic\is-0NP88.tmp to %APPDATA%\Roaming\goodPic\msvcp71.dll
- from %APPDATA%\Roaming\goodPic\plugins\is-6D615.tmp to %APPDATA%\Roaming\goodPic\plugins\TransmitLayer.dll
- from %APPDATA%\Roaming\goodPic\config\profile.cfg.new to %APPDATA%\Roaming\goodPic\config\profile.cfg
- from %APPDATA%\Roaming\goodPic\plugins\is-DC8OL.tmp to %APPDATA%\Roaming\goodPic\plugins\mnGLnk.dll
- from %APPDATA%\Roaming\goodPic\is-UE6A2.tmp to %APPDATA%\Roaming\goodPic\sqlite3.dll
- from %APPDATA%\Roaming\goodPic\config\is-BF1QP.tmp to %APPDATA%\Roaming\goodPic\config\init.config.ini
- from %APPDATA%\Roaming\goodPic\is-4JPQ0.tmp to %APPDATA%\Roaming\goodPic\goodPicAp.exe
- from %APPDATA%\Roaming\goodPic\is-OQKDG.tmp to %APPDATA%\Roaming\goodPic\jpg2bmp.dll
- from %APPDATA%\Roaming\goodPic\is-MSMPI.tmp to %APPDATA%\Roaming\goodPic\goodPic.exe
- from %APPDATA%\Roaming\goodPic\is-U516V.tmp to %APPDATA%\Roaming\goodPic\unins000.exe
- from %APPDATA%\Roaming\goodPic\is-95V9H.tmp to %APPDATA%\Roaming\goodPic\goodPic.exe
- from %APPDATA%\Roaming\goodPic\is-VBOOF.tmp to %APPDATA%\Roaming\goodPic\MGIconLib.dll
- from %APPDATA%\Roaming\goodPic\is-8CB72.tmp to %APPDATA%\Roaming\goodPic\MgRecommend.dll
- from %APPDATA%\Roaming\goodPic\is-N22IQ.tmp to %APPDATA%\Roaming\goodPic\MFC71.dll
- from %APPDATA%\Roaming\goodPic\is-SMR55.tmp to %APPDATA%\Roaming\goodPic\meinvGo.ico
- from %APPDATA%\Roaming\goodPic\is-64DAN.tmp to %APPDATA%\Roaming\goodPic\meinvGo.url
- 'qu###.mgbox.cn':80
- 're#.#gbox.cn':1863
- 'da##.#ost.yiyij.com':80
- 're#.#gbox.cn':80
- 'qu###.mgbox.cn':1865
- 'localhost':60191
- '12#.#32.146.41':8080
- 'www.mg##x.cn':80
- 'xu#.###ogin2.tenpay.com':443
- www.mg##x.cn/conf/cfgPicture.zip
- DNS ASK xu#.###ogin2.tenpay.com
- DNS ASK re#.#gbox.cn
- DNS ASK da##.#ost.yiyij.com
- DNS ASK www.mg##x.cn
- DNS ASK dn#.##ftncsi.com
- DNS ASK rc.#gbox.cn
- DNS ASK qu###.mgbox.cn
- 're#.#gbox.cn':1863
- 'qu###.mgbox.cn':1865
- 'rc.#gbox.cn':1868
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebCheckMonitor' WindowName: '(null)'
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'
- ClassName: 'mbshow_class' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'mbshow_classgoodPic_title'