Техническая информация
Для обеспечения автозапуска и распространения
Устанавливает следующие настройки сервисов
- [<HKLM>\System\CurrentControlSet\Services\SpSvc] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SpSvc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SpSvc\Parameters] 'ServiceDll' = 'D:\MobileEmuMaster\Utils\spsvc.dll'
- [<HKLM>\System\CurrentControlSet\Services\SpDrv] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\SpDrv] 'ImagePath' = 'D:\MobileEmuMaster\Utils\SpDrv_amd64.sys'
Создает следующие сервисы
- 'SpSvc' <SYSTEM32>\svchost.exe -k netsvcs
- 'SpDrv' D:\MobileEmuMaster\Utils\SpDrv_amd64.sys
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\{fb7cfcd3-15d8-4dd1-ac4b-f4c9e2e9d4fe}.tf
- D:\mobileemumaster\tools\info.exe
- D:\mobileemumaster\tools\ie\ldsieview.exe
- D:\mobileemumaster\tools\adbwinusbapi.dll
- D:\mobileemumaster\tools\adbwinapi.dll
- D:\mobileemumaster\tools\adb.exe
- D:\mobileemumaster\tools\aapt.exe
- D:\mobileemumaster\softmgr\softmgr.dll
- D:\mobileemumaster\siteuihelper.dll
- D:\mobileemumaster\sites.dll
- D:\mobileemumaster\safelive.dll
- D:\mobileemumaster\plugin\shellext_x86.dll
- D:\mobileemumaster\plugin\shellext_x64.dll
- D:\mobileemumaster\7za.dll
- D:\mobileemumaster\plugin\popmgrstub.dll
- D:\mobileemumaster\plugin\configcenter.dll
- D:\mobileemumaster\netbridge.dll
- D:\mobileemumaster\ldsgamever.dll
- D:\mobileemumaster\ldsgameplayerpk\ludashiemulator.dll
- D:\mobileemumaster\ldsgamehall\ldsgamehall.exe
- D:\mobileemumaster\ipc\ipcservice.dll
- D:\mobileemumaster\gamememoryopt_x64.dll
- D:\mobileemumaster\gamememoryopt.dll
- D:\mobileemumaster\game\modeidentify.dll
- D:\mobileemumaster\game\360webidentify.dll
- D:\mobileemumaster\game\360gameidentify.dll
- D:\mobileemumaster\dumpuper.exe
- D:\mobileemumaster\plugin\configcenterstub.dll
- D:\mobileemumaster\dumpcreator_x64.exe
- D:\mobileemumaster\tools\ldswebgameviewer.exe
- D:\mobileemumaster\utils\ldsvolumectrl.dll
- C:\users\public\desktop\手机模拟大师.lnk
- D:\mobileemumaster\utils\wndplugin.dll
- D:\mobileemumaster\utils\spsvc.dll
- D:\mobileemumaster\utils\spdrv_x86.sys
- D:\mobileemumaster\utils\spdrv_amd64.sys
- D:\mobileemumaster\utils\souldancer.exe
- D:\mobileemumaster\utils\rundll.exe
- D:\mobileemumaster\utils\pop_bizhi.exe
- D:\mobileemumaster\utils\popex.dll
- D:\mobileemumaster\utils\pop.dll
- D:\mobileemumaster\utils\mnqappmon.dll
- D:\mobileemumaster\utils\mnqapktool.exe
- D:\mobileemumaster\uninst.exe
- D:\mobileemumaster\tools\ldswebview.dll
- D:\mobileemumaster\utils\ldsbridge.exe
- D:\mobileemumaster\utils\instext.dll
- D:\mobileemumaster\utils\guardhp.exe
- D:\mobileemumaster\utils\gmsettings.dll
- D:\mobileemumaster\utils\gamemasterhelper.exe
- D:\mobileemumaster\utils\dispatchmini.dll
- D:\mobileemumaster\utils\computerz14.exe
- D:\mobileemumaster\utils\computerz12_x64.dll
- D:\mobileemumaster\utils\computerz12.dll
- D:\mobileemumaster\utils\checkhp.dll
- D:\mobileemumaster\utils\arctrl.dll
- D:\mobileemumaster\update.exe
- D:\mobileemumaster\utils\mininews.exe
- D:\mobileemumaster\360base64.dll
- D:\mobileemumaster\utils\apktoolui.uiz
- D:\mobileemumaster\utils\apkinfoui.uiz
- D:\mobileemumaster\{9acd62c6-2a84-4d37-b14f-1910eb221d11}.tf
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\utils\ldsbasic.dll
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\softmgr\softmgrinst.exe
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\pdown.dll
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\liveupd360.dll
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\360p2sp.dll
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\360netul.dll
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\360netbase.dll
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\360net.dll
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\360base.dll
- %TEMP%\{e1801456-4650-4270-8865-e1af52a40b02}.tmp\uninstallrootdirfilelist.xml
- D:\mobileemumaster\{0164e065-631b-4bef-8935-4cd9a4b92466}.tf
- %TEMP%\{e1801456-4650-4270-8865-e1af52a40b02}.tmp\ldsgamemaster.ldsprj
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\{30d6ea90-3703-4387-8947-3d7b6656c8c7}.tf
- %LOCALAPPDATA%\ldsgamemaster\store\netbridge.dll
- %LOCALAPPDATA%\ldsgamemaster\store\utils\ldsbasic.dll
- %LOCALAPPDATA%\ldsgamemaster\store\360netul.dll
- %LOCALAPPDATA%\ldsgamemaster\store\360base.dll
- %TEMP%\{c14aed3e-ef2a-456f-bc64-d7b27a2203bc}.tmp\utils\ldsbasic.dll
- %TEMP%\{c14aed3e-ef2a-456f-bc64-d7b27a2203bc}.tmp\netbridge.dll
- %TEMP%\{c14aed3e-ef2a-456f-bc64-d7b27a2203bc}.tmp\360netul.dll
- %TEMP%\{c14aed3e-ef2a-456f-bc64-d7b27a2203bc}.tmp\360base.dll
- %TEMP%\{f720376a-c7ec-4d85-b6bf-c73c7afb1764}.tmp
- %TEMP%\{d32f9877-78bd-49e0-a949-83c5e5b48bd0}.tmp\7z.dll
- %TEMP%\{b6d7c805-04df-4005-832b-e971956dc4de}.tmp
- %TEMP%\{5636e27e-3993-41b3-a640-6f80d2e2f704}.tmp
- D:\mobileemumaster\{ca7e67d5-3fb5-4438-8049-d72c25dd6204}.tf
- D:\mobileemumaster\{f11279e2-4510-4b09-a5b9-083dc75087a6}.tf
- D:\mobileemumaster\{c1400890-9184-4dc8-af19-2d002e0d1b6e}.tf
- D:\mobileemumaster\updateui.uiz
- D:\mobileemumaster\downloads\temp\ldsgamemasterhall_5.1.2052.2115.zip.trt
- D:\mobileemumaster\updatecfg.ini
- D:\mobileemumaster\plugin\runextention.tpi
- D:\mobileemumaster\plugin\popmgr.tpi
- D:\mobileemumaster\plugin\basic.tpi
- D:\mobileemumaster\ldsgamehall\defapkicon.ico
- D:\mobileemumaster\game\widef.dat
- D:\mobileemumaster\game\modeidentify.dat
- D:\mobileemumaster\game\gameidentify_inc.dat
- D:\mobileemumaster\game\gameidentify.dat
- D:\mobileemumaster\filelist.xml
- D:\mobileemumaster\slist.dat.~temp
- D:\mobileemumaster\downloads\temp\ldsgamemasterhall_5.1.2052.2115.zip.p2p
- D:\mobileemumaster\downloads\temp\ldsgamemasterhall_5.1.2052.2115.zip.mem
- D:\mobileemumaster\gamemaster_setup.log
- %APPDATA%\ludashi\softmgr\softmgrinst.ini
- D:\mobileemumaster\computerz.set
- D:\mobileemumaster\7z.dll
- D:\mobileemumaster\utils\ldsbasic.dll
- D:\mobileemumaster\softmgr\softmgrinst.exe
- D:\mobileemumaster\pdown.dll
- D:\mobileemumaster\liveupd360.dll
- D:\mobileemumaster\360p2sp.dll
- D:\mobileemumaster\360netul.dll
- D:\mobileemumaster\360netbase.dll
- D:\mobileemumaster\360net.dll
- D:\mobileemumaster\360base.dll
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\手机模拟大师\卸载手机模拟大师.lnk
- %WINDIR%\temp\udd3e.tmp
Удаляет следующие файлы
- %TEMP%\{fb7cfcd3-15d8-4dd1-ac4b-f4c9e2e9d4fe}.tf
- D:\mobileemumaster\downloads\temp\ldsgamemasterhall_5.1.2052.2115.zip
- D:\mobileemumaster\utils\ldsbasic.dll
- D:\mobileemumaster\slist.dat
- D:\mobileemumaster\downloads\temp\ldsgamemasterhall_5.1.2052.2115.zip.trt
- D:\mobileemumaster\downloads\temp\ldsgamemasterhall_5.1.2052.2115.zip.mem
- D:\mobileemumaster\{c1400890-9184-4dc8-af19-2d002e0d1b6e}.tf
- %WINDIR%\temp\udd3e.tmp
- D:\mobileemumaster\{ca7e67d5-3fb5-4438-8049-d72c25dd6204}.tf
- D:\mobileemumaster\{f11279e2-4510-4b09-a5b9-083dc75087a6}.tf
- D:\mobileemumaster\{9acd62c6-2a84-4d37-b14f-1910eb221d11}.tf
- %TEMP%\{5636e27e-3993-41b3-a640-6f80d2e2f704}.tmp
- %ALLUSERSPROFILE%\{cfa03f21-0914-4ced-9c52-35e36d199291}.tmp\{30d6ea90-3703-4387-8947-3d7b6656c8c7}.tf
- %TEMP%\{f720376a-c7ec-4d85-b6bf-c73c7afb1764}.tmp
- %TEMP%\{b6d7c805-04df-4005-832b-e971956dc4de}.tmp
- D:\mobileemumaster\{0164e065-631b-4bef-8935-4cd9a4b92466}.tf
- D:\mobileemumaster\utils\instext.dll
Перемещает следующие файлы
- D:\mobileemumaster\downloads\temp\ldsgamemasterhall_5.1.2052.2115.zip.p2p в D:\mobileemumaster\downloads\temp\ldsgamemasterhall_5.1.2052.2115.zip
- D:\mobileemumaster\slist.dat.~temp в D:\mobileemumaster\slist.dat
Подменяет следующие файлы
- D:\mobileemumaster\slist.dat.~temp
- D:\mobileemumaster\slist.dat
- D:\mobileemumaster\utils\ldsbasic.dll
Сетевая активность
Подключается к
- 's.###ashi.com':80
- 'zh####u.ludashi.com':80
- 'l.#####c.ludashi.com':80
- 'p0.##img.com':80
- 'cd#####e.monidashi.cn':80
- 'sd.#.360.cn':80
- 'microsoft.com':80
- 'oc##.thawte.com':80
TCP
Запросы HTTP GET
- http://s.###ashi.com/mgame?ty####################################################################################################################################################################...
- http://cd#####e.monidashi.cn/gamemaster/ver/5.1.2052.2115/LDSGameMasterHall_5.1.2052.2115.zip
UDP
- DNS ASK s.###ashi.com
- DNS ASK st.#.360.cn
- DNS ASK sd.#.360.cn
- DNS ASK microsoft.com
- DNS ASK cd#####e.monidashi.cn
- DNS ASK tr.#.360.cn
- DNS ASK ag#.#.360.cn
- DNS ASK p0.##img.com
- DNS ASK zh####u.ludashi.com
- DNS ASK oc##.thawte.com
- DNS ASK l.#####c.ludashi.com
- '95.##1.190.197':30697
- 'tr.#.360.cn':80
- '255.255.255.255':3600
- 'st.#.360.cn':3478
- '1.###.136.171':3478
- 'localhost':3601
Другое
Ищет следующие окна
- ClassName: 'ShortcutForMobileGame_LinkMainWndClass' WindowName: ''
- ClassName: 'ComputerZLinkMainWndClass' WindowName: ''
- ClassName: 'MainWindow@LdsGameHall' WindowName: ''
- ClassName: 'LdsSoftMgrInstWnd_LDSGameMaster' WindowName: ''
Создает и запускает на исполнение
- 'D:\mobileemumaster\softmgr\softmgrinst.exe' --hwnd=131648 --from=LDSGameMaster --new=true --log
- 'D:\mobileemumaster\utils\gamemasterhelper.exe'
- 'D:\mobileemumaster\utils\gamemasterhelper.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\regsvr32.exe' /s /i "D:\MobileEmuMaster\GameMemoryOpt_x64.dll"' (со скрытым окном)
- '%WINDIR%\syswow64\regsvr32.exe' /s /i "D:\MobileEmuMaster\Plugin\ShellExt_x64.dll"' (со скрытым окном)
Запускает на исполнение
- '%WINDIR%\syswow64\svchost.exe' -k netsvcs
- '%WINDIR%\syswow64\regsvr32.exe' /s /i "D:\MobileEmuMaster\GameMemoryOpt_x64.dll"
- '%WINDIR%\syswow64\regsvr32.exe' /s /i "D:\MobileEmuMaster\Plugin\ShellExt_x64.dll"
- '<SYSTEM32>\regsvr32.exe' /s /i "D:\MobileEmuMaster\Plugin\ShellExt_x64.dll"
- '<SYSTEM32>\regsvr32.exe' /s /i "D:\MobileEmuMaster\GameMemoryOpt_x64.dll"
