Technical Information
- [<HKLM>\SOFTWARE\Classes\goodPic\shell\open\command] '' = '"%APPDATA%\Roaming\goodPic\goodPicAp.exe" "%1"'
- '%TEMP%\is-RIG9D.tmp\goodPic_setup_612.tmp' /SL5="$10192,2481881,117760,%PROGRAM_FILES%\999999\goodPic_setup_612.exe" /verysilent
- '%APPDATA%\Roaming\goodPic\goodPicAp.exe' /setup_s
- '%PROGRAM_FILES%\999999\goodPic_setup_612.exe' /verysilent
- '%PROGRAM_FILES%\999999\goodpic_dae_612.exe'
- '%PROGRAM_FILES%\999999\goder1.exe'
- '<SYSTEM32>\DllHost.exe' /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
- %APPDATA%\Roaming\goodPic\meinvGo.url
- %APPDATA%\Roaming\goodPic\config\profile.cfg
- %APPDATA%\Roaming\goodPic\config\partner.ini
- %APPDATA%\Roaming\goodPic\top_box.bmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\dnserrordiagoff_webOC[1]
- %APPDATA%\Roaming\goodPic\config\CfgTmp.zip
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\cfgPicture[1].zip
- %HOMEPATH%\Desktop\goodPic Player.lnk
- %APPDATA%\Roaming\goodPic\plugins\is-T6IL8.tmp
- %APPDATA%\Roaming\goodPic\plugins\is-QHJG0.tmp
- %APPDATA%\Roaming\goodPic\config\is-FQVHD.tmp
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\goodPic\goodPic Player.lnk
- %APPDATA%\Roaming\goodPic\config\config.ini
- %APPDATA%\Roaming\goodPic\unins000.dat
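- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\goodPic\Uninstall їН»§¶Л.lnk (the trailing characters are GBK bytes shown in the Windows-1251 code page; they decode to "客户端", "client". The name on disk may therefore differ between hosts depending on the system ANSI code page, so match on the "goodPic\Uninstall " prefix rather than the full name.)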
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\ErrorPageTemplate[1]
- %APPDATA%\Roaming\goodPic\config\hlib_pcrc.db-journal
- %APPDATA%\Roaming\goodPic\config\hlib_block.db
- %APPDATA%\Roaming\goodPic\config\hlib_block.db-journal
- %APPDATA%\Roaming\goodPic\config\hlib_pcrc.db
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\bullet[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\background_gradient[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\info_48[1]
- %APPDATA%\Roaming\goodPic\config\hlib_index.db
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\navcancl[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\httpErrorPagesScripts[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\errorPageStrings[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\ErrorPageTemplate[2]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\httpErrorPagesScripts[1]
- %APPDATA%\Roaming\goodPic\config\hlib_index.db-journal
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\errorPageStrings[1]
- %TEMP%\is-D9L5V.tmp\setup.jpg
- %TEMP%\is-D9L5V.tmp\MgRecommend.dll
- %TEMP%\is-D9L5V.tmp\jpg2bmp.dll
- %TEMP%\is-D9L5V.tmp\left_box.bmp
- %TEMP%\is-D9L5V.tmp\top_box.bmp
- %TEMP%\is-D9L5V.tmp\setup.bmp
- %TEMP%\is-D9L5V.tmp\top_box.jpg
- %TEMP%\is-D9L5V.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\999999\goder1.exe
- %TEMP%\nsdB57B.tmp\NSISdl.dll
- %TEMP%\nsnB57A.tmp
- %PROGRAM_FILES%\999999\goodpic_dae_612.exe
- %TEMP%\is-D9L5V.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-RIG9D.tmp\goodPic_setup_612.tmp
- %PROGRAM_FILES%\999999\goodPic_setup_612.exe
- %APPDATA%\Roaming\goodPic\is-JN9RF.tmp
- %APPDATA%\Roaming\goodPic\is-3OJEE.tmp
- %APPDATA%\Roaming\goodPic\is-MFLUQ.tmp
- %APPDATA%\Roaming\goodPic\is-Q3L9H.tmp
- %APPDATA%\Roaming\goodPic\is-MIHMT.tmp
- %APPDATA%\Roaming\goodPic\is-N51EB.tmp
- %APPDATA%\Roaming\goodPic\is-AUGOJ.tmp
- %APPDATA%\Roaming\goodPic\is-FP74F.tmp
- %APPDATA%\Roaming\goodPic\is-TH92T.tmp
- %APPDATA%\Roaming\goodPic\is-DFK30.tmp
- %APPDATA%\Roaming\goodPic\is-USHOT.tmp
- %APPDATA%\Roaming\goodPic\is-JDD6B.tmp
- %APPDATA%\Roaming\goodPic\is-D90NM.tmp
- %APPDATA%\Roaming\goodPic\is-69568.tmp
- %APPDATA%\Roaming\goodPic\is-AUN05.tmp
- %APPDATA%\Roaming\goodPic\is-5KDAD.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\ErrorPageTemplate[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\errorPageStrings[1]
- %APPDATA%\Roaming\goodPic\config\profile.cfg
- %TEMP%\is-RIG9D.tmp\goodPic_setup_612.tmp
- %PROGRAM_FILES%\999999\goodPic_setup_612.exe
- %APPDATA%\Roaming\goodPic\config\hlib_pcrc.db-journal
- %TEMP%\nsdB57B.tmp\NSISdl.dll
- %APPDATA%\Roaming\goodPic\config\hlib_block.db-journal
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\httpErrorPagesScripts[1]
- %APPDATA%\Roaming\goodPic\config\hlib_index.db-journal
- %TEMP%\is-D9L5V.tmp\MgRecommend.dll
- %TEMP%\is-D9L5V.tmp\setup.bmp
- %TEMP%\is-D9L5V.tmp\left_box.bmp
- %APPDATA%\Roaming\goodPic\goodPic.exe
- %TEMP%\is-D9L5V.tmp\jpg2bmp.dll
- %TEMP%\is-D9L5V.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-D9L5V.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-D9L5V.tmp\top_box.jpg
- %TEMP%\is-D9L5V.tmp\setup.jpg
- %TEMP%\is-D9L5V.tmp\top_box.bmp
- from %APPDATA%\Roaming\goodPic\is-FP74F.tmp to %APPDATA%\Roaming\goodPic\msvcr71.dll
- from %APPDATA%\Roaming\goodPic\is-AUGOJ.tmp to %APPDATA%\Roaming\goodPic\ppxa.dll
- from %APPDATA%\Roaming\goodPic\is-MIHMT.tmp to %APPDATA%\Roaming\goodPic\msvcr110.dll
- from %APPDATA%\Roaming\goodPic\is-MFLUQ.tmp to %APPDATA%\Roaming\goodPic\msvcp110.dll
- from %APPDATA%\Roaming\goodPic\is-3OJEE.tmp to %APPDATA%\Roaming\goodPic\msvcp71.dll
- from %APPDATA%\Roaming\goodPic\plugins\is-T6IL8.tmp to %APPDATA%\Roaming\goodPic\plugins\TransmitLayer.dll
- from %APPDATA%\Roaming\goodPic\config\profile.cfg.new to %APPDATA%\Roaming\goodPic\config\profile.cfg
- from %APPDATA%\Roaming\goodPic\plugins\is-QHJG0.tmp to %APPDATA%\Roaming\goodPic\plugins\mnGLnk.dll
- from %APPDATA%\Roaming\goodPic\is-N51EB.tmp to %APPDATA%\Roaming\goodPic\sqlite3.dll
- from %APPDATA%\Roaming\goodPic\config\is-FQVHD.tmp to %APPDATA%\Roaming\goodPic\config\init.config.ini
- from %APPDATA%\Roaming\goodPic\is-DFK30.tmp to %APPDATA%\Roaming\goodPic\goodPicAp.exe
- from %APPDATA%\Roaming\goodPic\is-D90NM.tmp to %APPDATA%\Roaming\goodPic\jpg2bmp.dll
- from %APPDATA%\Roaming\goodPic\is-USHOT.tmp to %APPDATA%\Roaming\goodPic\goodPic.exe
- from %APPDATA%\Roaming\goodPic\is-JN9RF.tmp to %APPDATA%\Roaming\goodPic\unins000.exe
- from %APPDATA%\Roaming\goodPic\is-JDD6B.tmp to %APPDATA%\Roaming\goodPic\goodPic.exe
- from %APPDATA%\Roaming\goodPic\is-TH92T.tmp to %APPDATA%\Roaming\goodPic\MGIconLib.dll
- from %APPDATA%\Roaming\goodPic\is-Q3L9H.tmp to %APPDATA%\Roaming\goodPic\MgRecommend.dll
- from %APPDATA%\Roaming\goodPic\is-69568.tmp to %APPDATA%\Roaming\goodPic\MFC71.dll
- from %APPDATA%\Roaming\goodPic\is-5KDAD.tmp to %APPDATA%\Roaming\goodPic\meinvGo.ico
- from %APPDATA%\Roaming\goodPic\is-AUN05.tmp to %APPDATA%\Roaming\goodPic\meinvGo.url
- 're#.#gbox.cn':1863
- 'qu###.mgbox.cn':1865
- 're#.#gbox.cn':80
- 'qu###.mgbox.cn':80
- 'localhost':59674
- '12#.#32.146.41':8080
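- 'xu#.###ogin2.tenpay.com':443 (tenpay.com is the domain of Tencent's Tenpay payment service, so this host is presumably a legitimate third-party endpoint contacted by the sample; it is not a reliable indicator on its own.)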
- 'www.mg##x.cn':80
- www.mg##x.cn/conf/cfgPicture.zip
- DNS ASK re#.#gbox.cn
- DNS ASK www.mg##x.cn
- DNS ASK xu#.###ogin2.tenpay.com
- DNS ASK qu###.mgbox.cn
- DNS ASK rc.#gbox.cn
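- DNS ASK dn#.##ftncsi.com (the mask is consistent with dns.msftncsi.com, the Windows network-connectivity probe; if so, this lookup is background OS traffic and not an indicator of this sample.)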
- 'rc.#gbox.cn':1868
- 'qu###.mgbox.cn':1865
- 're#.#gbox.cn':1863
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebCheckMonitor' WindowName: '(null)'
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'
- ClassName: 'mbshow_class' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'mbshow_classgoodPic_title'