Technical Information
Processes launched (command lines):
- <SYSTEM32>\wscript.exe "%PROGRAM_FILES%\soft284101\b_2801.vbe"
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://www.21##.net/dongzuo/12801/play.html
Files written to disk (section heading missing from the page; inferred from the entries):
- %PROGRAM_FILES%\rayying\skin\0003\rbbar.bmp
- %PROGRAM_FILES%\rayying\skin\0003\noactivetab.png
- %PROGRAM_FILES%\rayying\skin\0003\rbbar24.bmp
- %PROGRAM_FILES%\rayying\skin\0003\rbbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0003\noactivetab.bmp
- %PROGRAM_FILES%\rayying\skin\0003\maxactive.bmp
- %PROGRAM_FILES%\rayying\skin\0003\max.bmp
- %PROGRAM_FILES%\rayying\skin\0003\minactive.bmp
- %PROGRAM_FILES%\rayying\skin\0003\min.bmp
- %PROGRAM_FILES%\rayying\skin\0003\restore.bmp
- %PROGRAM_FILES%\rayying\skin\0003\title.bmp
- %PROGRAM_FILES%\rayying\skin\0003\tabfav.bmp
- %PROGRAM_FILES%\rayying\skin\0003\xiala.bmp
- %PROGRAM_FILES%\rayying\skin\0003\title1.bmp
- %PROGRAM_FILES%\rayying\skin\0003\tabbttom.bmp
- %PROGRAM_FILES%\rayying\skin\0003\skin.ini
- %PROGRAM_FILES%\rayying\skin\0003\restoreactive.bmp
- %PROGRAM_FILES%\rayying\skin\0003\tab.bmp
- %PROGRAM_FILES%\rayying\skin\0003\status.bmp
- %PROGRAM_FILES%\rayying\skin\0002\title.bmp
- %PROGRAM_FILES%\rayying\skin\0002\tabfav.bmp
- %PROGRAM_FILES%\rayying\skin\0002\xiala.bmp
- %PROGRAM_FILES%\rayying\skin\0002\title1.bmp
- %PROGRAM_FILES%\rayying\skin\0002\tabbttom.bmp
- %PROGRAM_FILES%\rayying\skin\0002\skin.ini
- %PROGRAM_FILES%\rayying\skin\0002\restoreactive.bmp
- %PROGRAM_FILES%\rayying\skin\0002\tab.bmp
- %PROGRAM_FILES%\rayying\skin\0002\status.bmp
- %PROGRAM_FILES%\rayying\skin\0003\FavBarico.bmp
- %PROGRAM_FILES%\rayying\skin\0003\closeactive.bmp
- %PROGRAM_FILES%\rayying\skin\0003\close.bmp
- %PROGRAM_FILES%\rayying\skin\0003\favbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0003\favbar.bmp
- %PROGRAM_FILES%\rayying\skin\0003\addbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0003\MainToolGray24.bmp
- %PROGRAM_FILES%\rayying\skin\0003\MainTool24.bmp
- %PROGRAM_FILES%\rayying\skin\0003\addbar.bmp
- %PROGRAM_FILES%\rayying\skin\0003\activetab.PNG
- %PROGRAM_FILES%\rayying\skin\0004\FavBarico.bmp
- %PROGRAM_FILES%\rayying\skin\0004\title.bmp
- %PROGRAM_FILES%\rayying\skin\0004\tabfav.bmp
- %PROGRAM_FILES%\rayying\skin\0004\xiala.bmp
- %PROGRAM_FILES%\rayying\skin\0004\title1.bmp
- %PROGRAM_FILES%\rayying\skin\0004\tabbttom.bmp
- %PROGRAM_FILES%\rayying\skin\0004\skin.ini
- %PROGRAM_FILES%\rayying\skin\0004\restoreactive.bmp
- %PROGRAM_FILES%\rayying\skin\0004\tab.bmp
- %PROGRAM_FILES%\rayying\skin\0004\status.bmp
- %PROGRAM_FILES%\rayying\rayyingprog.txt
- %PROGRAM_FILES%\soft284101\C_0120110103010116410128010101.txt
- %PROGRAM_FILES%\soft284101\B_0120110103010116410128010101.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\play[1].html
- %PROGRAM_FILES%\soft284101\0120110103010116410128010101.txt
- %PROGRAM_FILES%\soft284101\w_2801.exe
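- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\ Intornat Explarer .lnk
- %ALLUSERSPROFILE%\Desktop\ Intornat Explarer .lnk
  (Shortcut name as reported in both entries: the misspelling and the spaces around it are part of the file name, which apparently imitates the Internet Explorer shortcut. Match it literally rather than correcting it.)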
- %PROGRAM_FILES%\soft284101\smes.exe
- %PROGRAM_FILES%\soft284101\a
- %PROGRAM_FILES%\rayying\skin\0004\closeactive.bmp
- %PROGRAM_FILES%\rayying\skin\0004\close.bmp
- %PROGRAM_FILES%\rayying\skin\0004\favbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0004\favbar.bmp
- %PROGRAM_FILES%\rayying\skin\0004\addbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0004\MainToolGray24.bmp
- %PROGRAM_FILES%\rayying\skin\0004\MainTool24.bmp
- %PROGRAM_FILES%\rayying\skin\0004\addbar.bmp
- %PROGRAM_FILES%\rayying\skin\0004\activetab.PNG
- %PROGRAM_FILES%\rayying\skin\0004\max.bmp
- %PROGRAM_FILES%\rayying\skin\0004\rbbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0004\rbbar.bmp
- %PROGRAM_FILES%\rayying\skin\0004\restore.bmp
- %PROGRAM_FILES%\rayying\skin\0004\rbbar24.bmp
- %PROGRAM_FILES%\rayying\skin\0004\noactivetab.png
- %PROGRAM_FILES%\rayying\skin\0004\min.bmp
- %PROGRAM_FILES%\rayying\skin\0004\maxactive.bmp
- %PROGRAM_FILES%\rayying\skin\0004\noactivetab.bmp
- %PROGRAM_FILES%\rayying\skin\0004\minactive.bmp
- %PROGRAM_FILES%\rayying\skin\0002\restore.bmp
- %PROGRAM_FILES%\rayying\pic\2.jpg
- %PROGRAM_FILES%\rayying\pic\1.jpg
- %PROGRAM_FILES%\rayying\pic\8.jpg
- %PROGRAM_FILES%\rayying\pic\3.jpg
- %PROGRAM_FILES%\rayying\pic\0.jpg
- %PROGRAM_FILES%\rayying\images\xiala.gif
- %PROGRAM_FILES%\rayying\images\video.gif
- %PROGRAM_FILES%\rayying\images\zhidao.gif
- %PROGRAM_FILES%\rayying\images\xiala1.gif
- %PROGRAM_FILES%\rayying\pic\9.jpg
- %PROGRAM_FILES%\rayying\skin\0001\close.bmp
- %PROGRAM_FILES%\rayying\skin\0001\addbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0001\favbar.bmp
- %PROGRAM_FILES%\rayying\skin\0001\closeactive.bmp
- %PROGRAM_FILES%\rayying\skin\0001\addbar.bmp
- %PROGRAM_FILES%\rayying\skin\0001\MainTool24.bmp
- %PROGRAM_FILES%\rayying\skin\0001\FavBarico.bmp
- %PROGRAM_FILES%\rayying\skin\0001\activetab.PNG
- %PROGRAM_FILES%\rayying\skin\0001\MainToolGray24.bmp
- %PROGRAM_FILES%\rayying\images\g2.gif
- %PROGRAM_FILES%\rayying\images\g1.gif
- %PROGRAM_FILES%\rayying\images\google.gif
- %PROGRAM_FILES%\rayying\images\gb.gif
- %PROGRAM_FILES%\rayying\images\c_line.png
- %PROGRAM_FILES%\rayying\rayyingblank.html
- %TEMP%\nso2.tmp\System.dll
- %PROGRAM_FILES%\rayying\images\c_left_bg.png
- %PROGRAM_FILES%\rayying\images\baidu.gif
- %PROGRAM_FILES%\rayying\images\mp3.gif
- %PROGRAM_FILES%\rayying\images\suggest.js
- %PROGRAM_FILES%\rayying\images\start.css
- %PROGRAM_FILES%\rayying\images\taobao.gif
- %PROGRAM_FILES%\rayying\images\sz.gif
- %PROGRAM_FILES%\rayying\images\sogou.gif
- %PROGRAM_FILES%\rayying\images\reset.css
- %PROGRAM_FILES%\rayying\images\pic.gif
- %PROGRAM_FILES%\rayying\images\s_top.png
- %PROGRAM_FILES%\rayying\images\s_form.png
- %PROGRAM_FILES%\rayying\skin\0001\favbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0002\close.bmp
- %PROGRAM_FILES%\rayying\skin\0002\addbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0002\favbar.bmp
- %PROGRAM_FILES%\rayying\skin\0002\closeactive.bmp
- %PROGRAM_FILES%\rayying\skin\0002\addbar.bmp
- %PROGRAM_FILES%\rayying\skin\0002\MainTool24.bmp
- %PROGRAM_FILES%\rayying\skin\0002\FavBarico.bmp
- %PROGRAM_FILES%\rayying\skin\0002\activetab.PNG
- %PROGRAM_FILES%\rayying\skin\0002\MainToolGray24.bmp
- %PROGRAM_FILES%\rayying\skin\0002\favbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0002\rbbar.bmp
- %PROGRAM_FILES%\rayying\skin\0002\noactivetab.png
- %PROGRAM_FILES%\rayying\skin\0002\rbbar24.bmp
- %PROGRAM_FILES%\rayying\skin\0002\rbbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0002\noactivetab.bmp
- %PROGRAM_FILES%\rayying\skin\0002\maxactive.bmp
- %PROGRAM_FILES%\rayying\skin\0002\max.bmp
- %PROGRAM_FILES%\rayying\skin\0002\minactive.bmp
- %PROGRAM_FILES%\rayying\skin\0002\min.bmp
- %PROGRAM_FILES%\rayying\skin\0001\rbbar.bmp
- %PROGRAM_FILES%\rayying\skin\0001\noactivetab.png
- %PROGRAM_FILES%\rayying\skin\0001\rbbar24.bmp
- %PROGRAM_FILES%\rayying\skin\0001\rbbar1.bmp
- %PROGRAM_FILES%\rayying\skin\0001\noactivetab.bmp
- %PROGRAM_FILES%\rayying\skin\0001\maxactive.bmp
- %PROGRAM_FILES%\rayying\skin\0001\max.bmp
- %PROGRAM_FILES%\rayying\skin\0001\minactive.bmp
- %PROGRAM_FILES%\rayying\skin\0001\min.bmp
- %PROGRAM_FILES%\rayying\skin\0001\restore.bmp
- %PROGRAM_FILES%\rayying\skin\0001\title.bmp
- %PROGRAM_FILES%\rayying\skin\0001\tabfav.bmp
- %PROGRAM_FILES%\rayying\skin\0001\xiala.bmp
- %PROGRAM_FILES%\rayying\skin\0001\title1.bmp
- %PROGRAM_FILES%\rayying\skin\0001\tabbttom.bmp
- %PROGRAM_FILES%\rayying\skin\0001\skin.ini
- %PROGRAM_FILES%\rayying\skin\0001\restoreactive.bmp
- %PROGRAM_FILES%\rayying\skin\0001\tab.bmp
- %PROGRAM_FILES%\rayying\skin\0001\status.bmp
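Files moved or renamed (from → to). Several entries are written under a .txt or extension-less name and then renamed to a script, registry or executable type (.bat, .reg, .vbe, .exe), so the final names, not the dropped ones, are what gets run:
- from %PROGRAM_FILES%\soft284101\B_0120110103010116410128010101.txt to %PROGRAM_FILES%\soft284101\300.bat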
- from %PROGRAM_FILES%\soft284101\C_0120110103010116410128010101.txt to %PROGRAM_FILES%\soft284101\300.reg
- from %PROGRAM_FILES%\soft284101\0120110103010116410128010101.txt to %PROGRAM_FILES%\soft284101\b_2801.vbe
- from %PROGRAM_FILES%\rayying\rayyingprog.txt to %PROGRAM_FILES%\rayying\rayyingprog.ini
- from %PROGRAM_FILES%\soft284101\a to %PROGRAM_FILES%\soft284101\284101.txt
- from %PROGRAM_FILES%\soft284101\smes.exe to %PROGRAM_FILES%\soft284101\w_2801.exe
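Network activity:
- Endpoint contacted (host:port): 'www.21##.net':80
- Endpoint contacted (host:port): 'localhost':1036
- HTTP request: www.21##.net/dongzuo/12801/play.html
- DNS query (DNS ASK): www.21##.net
  (`#` is not a valid hostname character, so the domain appears to be partially masked on this page and cannot be used as an exact-match indicator as written.)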
Window lookups (by class name / window name):
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''