Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\windows.asp] 'Start' = '00000002'
- %CommonProgramFiles%\Microsoft Shared\MSInfo\Server101.exe
- <SYSTEM32>\dumprep.exe 3812 -dm 7 7 %TEMP%\WER7ac7.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3812 -dm 7 7 %TEMP%\WER7ac7.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3760 -dm 7 7 %TEMP%\WER43b3.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3916 -dm 7 7 %TEMP%\WERce3b.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3864 -dm 7 7 %TEMP%\WER944a.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3864 -dm 7 7 %TEMP%\WER944a.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3640 -dm 7 7 %TEMP%\WERf00f.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3640 -dm 7 7 %TEMP%\WERf00f.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3584 -dm 7 7 %TEMP%\WERd946.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3760 -dm 7 7 %TEMP%\WER43b3.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3708 -dm 7 7 %TEMP%\WER2b4b.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3708 -dm 7 7 %TEMP%\WER2b4b.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3916 -dm 7 7 %TEMP%\WERce3b.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 412 -dm 7 7 %TEMP%\WER890c.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 1752 -dm 7 7 %TEMP%\WER58ab.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 1752 -dm 7 7 %TEMP%\WER58ab.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 552 -dm 7 7 %TEMP%\WERb068.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 552 -dm 7 7 %TEMP%\WERb068.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 412 -dm 7 7 %TEMP%\WER890c.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 4032 -dm 7 7 %TEMP%\WER1fd4.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3968 -dm 7 7 %TEMP%\WERe6c3.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3968 -dm 7 7 %TEMP%\WERe6c3.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 4084 -dm 7 7 %TEMP%\WER3897.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 4084 -dm 7 7 %TEMP%\WER3897.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 4032 -dm 7 7 %TEMP%\WER1fd4.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3584 -dm 7 7 %TEMP%\WERd946.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3084 -dm 7 7 %TEMP%\WER7604.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3084 -dm 7 7 %TEMP%\WER7604.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3032 -dm 7 7 %TEMP%\WER5953.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3192 -dm 7 7 %TEMP%\WERcb04.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3140 -dm 7 7 %TEMP%\WERacbd.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3140 -dm 7 7 %TEMP%\WERacbd.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\cmd.exe /c "%CommonProgramFiles%\Microsoft Shared\MSINFO\DelSvel.bat"
- <SYSTEM32>\dumprep.exe 2864 -dm 7 7 %TEMP%\WER2aa7.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\calc.exe
- <SYSTEM32>\dumprep.exe 3032 -dm 7 7 %TEMP%\WER5953.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\rundll32.exe <SYSTEM32>\sysdm.cpl,NoExecuteProcessException <SYSTEM32>\calc.exe
- <SYSTEM32>\dumprep.exe 2864 -dm 7 7 %TEMP%\WER2aa7.dir00\calc.exe.hdmp 16325836412027120
- <SYSTEM32>\dumprep.exe 3192 -dm 7 7 %TEMP%\WERcb04.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3480 -dm 7 7 %TEMP%\WER8716.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3424 -dm 7 7 %TEMP%\WER6eed.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3424 -dm 7 7 %TEMP%\WER6eed.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3532 -dm 7 7 %TEMP%\WERbdb9.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3532 -dm 7 7 %TEMP%\WERbdb9.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3480 -dm 7 7 %TEMP%\WER8716.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3312 -dm 7 7 %TEMP%\WER195c.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3252 -dm 7 7 %TEMP%\WERe3bd.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3252 -dm 7 7 %TEMP%\WERe3bd.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3372 -dm 7 7 %TEMP%\WER312c.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\dumprep.exe 3372 -dm 7 7 %TEMP%\WER312c.dir00\calc.exe.mdmp 16325836412027100
- <SYSTEM32>\dumprep.exe 3312 -dm 7 7 %TEMP%\WER195c.dir00\calc.exe.hdmp 16325836412027112
- <SYSTEM32>\calc.exe
- %TEMP%\WER7ac7.dir00\calc.exe.mdmp
- %TEMP%\WER7ac7.dir00\calc.exe.hdmp
- %TEMP%\WER7ac7.dir00\appcompat.txt
- %TEMP%\WER43b3.dir00\calc.exe.hdmp
- %TEMP%\WER43b3.dir00\appcompat.txt
- %TEMP%\WER43b3.dir00\manifest.txt
- %TEMP%\WER944a.dir00\appcompat.txt
- %TEMP%\WER944a.dir00\manifest.txt
- %TEMP%\WERce3b.dir00\calc.exe.mdmp
- %TEMP%\WER7ac7.dir00\manifest.txt
- %TEMP%\WER944a.dir00\calc.exe.mdmp
- %TEMP%\WER944a.dir00\calc.exe.hdmp
- %TEMP%\WERf00f.dir00\calc.exe.mdmp
- %TEMP%\WERf00f.dir00\calc.exe.hdmp
- %TEMP%\WERf00f.dir00\appcompat.txt
- %TEMP%\WERd946.dir00\calc.exe.hdmp
- %TEMP%\WERd946.dir00\appcompat.txt
- %TEMP%\WERd946.dir00\manifest.txt
- %TEMP%\WER2b4b.dir00\appcompat.txt
- %TEMP%\WER2b4b.dir00\manifest.txt
- %TEMP%\WER43b3.dir00\calc.exe.mdmp
- %TEMP%\WERf00f.dir00\manifest.txt
- %TEMP%\WER2b4b.dir00\calc.exe.mdmp
- %TEMP%\WER2b4b.dir00\calc.exe.hdmp
- %TEMP%\WER58ab.dir00\calc.exe.mdmp
- %TEMP%\WER58ab.dir00\calc.exe.hdmp
- %TEMP%\WER58ab.dir00\appcompat.txt
- %TEMP%\WER3897.dir00\calc.exe.hdmp
- %TEMP%\WER3897.dir00\appcompat.txt
- %TEMP%\WER3897.dir00\manifest.txt
- %TEMP%\WER890c.dir00\appcompat.txt
- %TEMP%\WER890c.dir00\manifest.txt
- %TEMP%\WERb068.dir00\calc.exe.mdmp
- %TEMP%\WER58ab.dir00\manifest.txt
- %TEMP%\WER890c.dir00\calc.exe.mdmp
- %TEMP%\WER890c.dir00\calc.exe.hdmp
- %TEMP%\WERe6c3.dir00\calc.exe.mdmp
- %TEMP%\WERe6c3.dir00\calc.exe.hdmp
- %TEMP%\WERe6c3.dir00\appcompat.txt
- %TEMP%\WERce3b.dir00\calc.exe.hdmp
- %TEMP%\WERce3b.dir00\appcompat.txt
- %TEMP%\WERce3b.dir00\manifest.txt
- %TEMP%\WER1fd4.dir00\appcompat.txt
- %TEMP%\WER1fd4.dir00\manifest.txt
- %TEMP%\WER3897.dir00\calc.exe.mdmp
- %TEMP%\WERe6c3.dir00\manifest.txt
- %TEMP%\WER1fd4.dir00\calc.exe.mdmp
- %TEMP%\WER1fd4.dir00\calc.exe.hdmp
- %TEMP%\WERacbd.dir00\calc.exe.mdmp
- %TEMP%\WERacbd.dir00\calc.exe.hdmp
- %TEMP%\WERacbd.dir00\appcompat.txt
- %TEMP%\WER7604.dir00\calc.exe.hdmp
- %TEMP%\WER7604.dir00\appcompat.txt
- %TEMP%\WER7604.dir00\manifest.txt
- %TEMP%\WERcb04.dir00\appcompat.txt
- %TEMP%\WERcb04.dir00\manifest.txt
- %TEMP%\WERe3bd.dir00\calc.exe.mdmp
- %TEMP%\WERacbd.dir00\manifest.txt
- %TEMP%\WERcb04.dir00\calc.exe.mdmp
- %TEMP%\WERcb04.dir00\calc.exe.hdmp
- %TEMP%\WER2aa7.dir00\calc.exe.mdmp
- %TEMP%\WER2aa7.dir00\calc.exe.hdmp
- %TEMP%\WER2aa7.dir00\appcompat.txt
- %CommonProgramFiles%\Microsoft Shared\MSInfo\Server101.exe
- <SYSTEM32>\_Server101.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\DelSvel.bat
- %TEMP%\WER5953.dir00\appcompat.txt
- %TEMP%\WER5953.dir00\manifest.txt
- %TEMP%\WER7604.dir00\calc.exe.mdmp
- %TEMP%\WER2aa7.dir00\manifest.txt
- %TEMP%\WER5953.dir00\calc.exe.mdmp
- %TEMP%\WER5953.dir00\calc.exe.hdmp
- %TEMP%\WER8716.dir00\calc.exe.mdmp
- %TEMP%\WER8716.dir00\calc.exe.hdmp
- %TEMP%\WER8716.dir00\appcompat.txt
- %TEMP%\WER6eed.dir00\calc.exe.hdmp
- %TEMP%\WER6eed.dir00\appcompat.txt
- %TEMP%\WER6eed.dir00\manifest.txt
- %TEMP%\WERbdb9.dir00\appcompat.txt
- %TEMP%\WERbdb9.dir00\manifest.txt
- %TEMP%\WERd946.dir00\calc.exe.mdmp
- %TEMP%\WER8716.dir00\manifest.txt
- %TEMP%\WERbdb9.dir00\calc.exe.mdmp
- %TEMP%\WERbdb9.dir00\calc.exe.hdmp
- %TEMP%\WER195c.dir00\calc.exe.mdmp
- %TEMP%\WER195c.dir00\calc.exe.hdmp
- %TEMP%\WER195c.dir00\appcompat.txt
- %TEMP%\WERe3bd.dir00\calc.exe.hdmp
- %TEMP%\WERe3bd.dir00\appcompat.txt
- %TEMP%\WERe3bd.dir00\manifest.txt
- %TEMP%\WER312c.dir00\appcompat.txt
- %TEMP%\WER312c.dir00\manifest.txt
- %TEMP%\WER6eed.dir00\calc.exe.mdmp
- %TEMP%\WER195c.dir00\manifest.txt
- %TEMP%\WER312c.dir00\calc.exe.mdmp
- %TEMP%\WER312c.dir00\calc.exe.hdmp
- <SYSTEM32>\_Server101.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\Server101.exe
- 'ky###.py8.cn':80
- ky###.py8.cn/ip.txt
- DNS query: ky###.py8.cn
- ClassName: 'TRE1001HS' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''