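Technical Information
Note: the section labels that would group the lists below appear to be missing from this copy, so the role of each list (files executed, created or removed; hosts contacted; requests sent; windows searched for) has to be read from the form of its entries. The '#' characters in host names and URLs stand in for masked characters, so those values cannot be used as-is as network indicators. The '%TEMP%\nsd2.tmp' directory, together with System.dll, Inetc.dll and Base64.dll, is consistent with an NSIS installer's temporary plug-in directory, whose name usually differs from run to run; match on the file names rather than on the literal directory name.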
- '%TEMP%\nsd2.tmp\F1023_s_30974.exe'
- '%TEMP%\nsd2.tmp\G1031_s_71117.exe'
- '%TEMP%\nsd2.tmp\9377mycs_Y_mgaz2_01.exe'
- '%TEMP%\nsd2.tmp\aodce.exe'
- '%TEMP%\nsd2.tmp\IQIYIsetup_l_spl004@kb010.exe'
- '%TEMP%\nsd2.tmp\setup_95165069.exe'
- '%TEMP%\nsd2.tmp\BFVCenter-y4bd2[[BB027]].exe'
- '%TEMP%\nsd2.tmp\SoHuVA_4.2.0.16-c204900009-ng-s-run-x.exe'
- '%TEMP%\nsd2.tmp\ins1256858.exe'
- '%TEMP%\nsd2.tmp\OfficeAssist.0419.80.1123.exe'
- '%TEMP%\nsd2.tmp\Baidu_Com_90000214.exe'
- '%TEMP%\nsd2.tmp\2345Explorer_329242_silence.exe'
- '%TEMP%\nsd2.tmp\MM-liao8398.exe'
- '%TEMP%\nsd2.tmp\hkyl_yls_hk2014_202lm.exe'
- '%TEMP%\nsd2.tmp\yx_dts.exe'
- '%TEMP%\nsd2.tmp\QQBrowser_Setup_Hk_78653.exe'
- '%TEMP%\nsd2.tmp\aodce.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\2345Explorer_329242_silence.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\IQIYIsetup_l_spl004@kb010.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\QQBrowser_Setup_Hk_78653.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\setup_95165069.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\BFVCenter-y4bd2[[BB027]].exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\MM-liao8398.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\hkyl_yls_hk2014_202lm.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\Baidu_Com_90000214.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\yx_dts.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\OfficeAssist.0419.80.1123.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\SoHuVA_4.2.0.16-c204900009-ng-s-run-x.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\ins1256858.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\G1031_s_71117.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\9377mycs_Y_mgaz2_01.exe' (downloaded from the Internet)
- '%TEMP%\nsd2.tmp\F1023_s_30974.exe' (downloaded from the Internet)
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %TEMP%\nsd2.tmp\ins1256858.exe
- %TEMP%\nsd2.tmp\BFVCenter-y4bd2[[BB027]].exe
- %TEMP%\nsd2.tmp\SoHuVA_4.2.0.16-c204900009-ng-s-run-x.exe
- %TEMP%\nsd2.tmp\F1023_s_30974.exe
- %TEMP%\nsd2.tmp\G1031_s_71117.exe
- %TEMP%\nsd2.tmp\QQBrowser_Setup_Hk_78653.exe
- %TEMP%\nsd2.tmp\2345Explorer_329242_silence.exe
- %TEMP%\nsd2.tmp\aodce.exe
- %TEMP%\nsd2.tmp\setup_95165069.exe
- %TEMP%\nsd2.tmp\IQIYIsetup_l_spl004@kb010.exe
- %TEMP%\nsd2.tmp\9377mycs_Y_mgaz2_01.exe
- %TEMP%\nsd2.tmp\1.rar
- %TEMP%\nsd2.tmp\yx_dts.exe
- %TEMP%\nsd2.tmp\Inetc.dll
- %TEMP%\nsd2.tmp\System.dll
- %TEMP%\nsd2.tmp\2.ico
- %TEMP%\nsd2.tmp\MM-liao8398.exe
- %TEMP%\nsd2.tmp\hkyl_yls_hk2014_202lm.exe
- %TEMP%\nsd2.tmp\Base64.dll
- %TEMP%\nsd2.tmp\OfficeAssist.0419.80.1123.exe
- %TEMP%\nsd2.tmp\Baidu_Com_90000214.exe
- %TEMP%\nsd2.tmp\MM-liao8398.exe
- %TEMP%\nsd2.tmp\OfficeAssist.0419.80.1123.exe
- %TEMP%\nsd2.tmp\IQIYIsetup_l_spl004@kb010.exe
- %TEMP%\nsd2.tmp\Inetc.dll
- %TEMP%\nsd2.tmp\ins1256858.exe
- %TEMP%\nsd2.tmp\System.dll
- %TEMP%\nsd2.tmp\yx_dts.exe
- %TEMP%\nsd2.tmp\SoHuVA_4.2.0.16-c204900009-ng-s-run-x.exe
- %TEMP%\nsd2.tmp\QQBrowser_Setup_Hk_78653.exe
- %TEMP%\nsd2.tmp\setup_95165069.exe
- %TEMP%\nsd2.tmp\aodce.exe
- %TEMP%\nsd2.tmp\Baidu_Com_90000214.exe
- %TEMP%\nsd2.tmp\9377mycs_Y_mgaz2_01.exe
- %TEMP%\nsd2.tmp\2.ico
- %TEMP%\nsd2.tmp\2345Explorer_329242_silence.exe
- %TEMP%\nsd2.tmp\G1031_s_71117.exe
- %TEMP%\nsd2.tmp\hkyl_yls_hk2014_202lm.exe
- %TEMP%\nsd2.tmp\F1023_s_30974.exe
- %TEMP%\nsd2.tmp\Base64.dll
- %TEMP%\nsd2.tmp\BFVCenter-y4bd2[[BB027]].exe
- 'g.###en320.com':80
- 'dl.##ofeng.com':80
- 'xi###i.9377.com':80
- 'p2#.#d.sohu.com':80
- 'dl###1.qq.com':80
- 'do####ad.2345.cn':80
- 'dl.#x5.com':80
- 'dl.###tic.iqiyi.com':80
- 'id#.##--r93a55o.cc':80
- '12#.#25.114.144':80
- 'in#.###ol.sina.com.cn':80
- 'ic####.b0.upaiyun.com':443
- 'www.ba###hijz.com':80
- 'do##.woka123.cn':80
- 'localhost':1044
- 'mm####.jianting.net':80
- g.###en320.com/d/ins1256858.exe
- dl.##ofeng.com/BFVCenter/BFVCenter-y4bd2[[BB027]].exe
- id#.##--r93a55o.cc/G1031_s_71117.exe
- p2#.#d.sohu.com/dcs.do?f=##############################
- dl.#x5.com/apk/20141222/setup_95165069.exe
- dl###1.qq.com/invc/tt/QQBrowser_Setup_Hk_78653.exe
- do####ad.2345.cn/silence/2345Explorer_329242_silence.exe
- dl.###tic.iqiyi.com/hz/IQIYIsetup_l_spl004@kb010.exe
- 12#.#25.114.144/go/mini/12/10000024
- id#.##--r93a55o.cc/OfficeAssist.0419.80.1123.exe
- 12#.#25.114.144/index/mini_2to1_download/90000214
- in#.###ol.sina.com.cn/iplookup/iplookup.php
- id#.##--r93a55o.cc/yx_dts.exe
- mm####.jianting.net/mmliao/MM-liao8398.exe
- xi###i.9377.com/20141201/9377mycs_Y_mgaz2_01.exe
- id#.##--r93a55o.cc/F1023_s_30974.exe
- www.ba###hijz.com/YjY2MmVmNDkuZXhl/40.html
- do##.woka123.cn/qudao/hk/hkyl_yls_hk2014_202lm.exe
- DNS ASK dl.##ofeng.com
- DNS ASK dl.#x5.com
- DNS ASK p2#.#d.sohu.com
- DNS ASK g.###en320.com
- DNS ASK dl###1.qq.com
- DNS ASK do####ad.2345.cn
- DNS ASK dl.###tic.iqiyi.com
- DNS ASK w.#.#aidu.com
- DNS ASK id#.##--r93a55o.cc
- DNS ASK sh###.baidu.com
- DNS ASK in#.###ol.sina.com.cn
- DNS ASK ic####.b0.upaiyun.com
- DNS ASK do##.woka123.cn
- DNS ASK xi###i.9377.com
- DNS ASK mm####.jianting.net
- DNS ASK www.ba###hijz.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''