Technical Information
- '%TEMP%\nsn9445.tmp\2345Explorer_329242_silence.exe'
- '%TEMP%\nsn9445.tmp\G0630_s_70885.exe'
- '%TEMP%\nsn9445.tmp\F0708_s_30791.exe'
- '%TEMP%\nsn9445.tmp\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe'
- '%TEMP%\nsn9445.tmp\ins1256858.exe'
- '%TEMP%\nsn9445.tmp\jj_auto.exe'
- '%TEMP%\nsn9445.tmp\9377chiyue_Y_mgaz.exe'
- '%TEMP%\nsn9445.tmp\setup_3386.exe'
- '%TEMP%\nsn9445.tmp\BaiduPlayerNetSetup_441.exe'
- '%TEMP%\nsn9445.tmp\jj_auto.exe' (downloaded from the Internet)
- '%TEMP%\nsn9445.tmp\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe' (downloaded from the Internet)
- '%TEMP%\nsn9445.tmp\ins1256858.exe' (downloaded from the Internet)
- '%TEMP%\nsn9445.tmp\setup_3386.exe' (downloaded from the Internet)
- '%TEMP%\nsn9445.tmp\F0708_s_30791.exe' (downloaded from the Internet)
- '%TEMP%\nsn9445.tmp\9377chiyue_Y_mgaz.exe' (downloaded from the Internet)
- '%TEMP%\nsn9445.tmp\G0630_s_70885.exe' (downloaded from the Internet)
- '%TEMP%\nsn9445.tmp\2345Explorer_329242_silence.exe' (downloaded from the Internet)
- '%TEMP%\nsn9445.tmp\BaiduPlayerNetSetup_441.exe' (downloaded from the Internet)
- '<SYSTEM32>\conhost.exe' /pid=3836
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\DllHost.exe' /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
- <LS_APPDATA>\Mozilla\Firefox\Profiles\zp7tnb55.default\urlclassifier3.sqlite-journal
- %TEMP%\+snos4vX.css.part
- %APPDATA%\Roaming\Mozilla\Firefox\Profiles\zp7tnb55.default\downloads.sqlite-journal
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\RPWoh2l[1]
- %APPDATA%\Roaming\Mozilla\Firefox\Profiles\zp7tnb55.default\downloads.sqlite
- %APPDATA%\Roaming\Mozilla\Firefox\Profiles\zp7tnb55.default\sessionstore.bak
- %TEMP%\nsn9445.tmp\ExecCmd.dll
- %TEMP%\nsiF3D.tmp\System.dll
- %APPDATA%\Roaming\Mozilla\Firefox\Profiles\zp7tnb55.default\places.sqlite-wal
- %TEMP%\nsiF3D.tmp\ShellLink.dll
- %TEMP%\nsn9445.tmp\G0630_s_70885.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\RPVdFrE[1]
- %TEMP%\nsn9445.tmp\ins1256858.exe
- %TEMP%\nsn9445.tmp\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\UZT5H41ASVCJR4NOX5HN.temp
- %TEMP%\nsn9445.tmp\js.log
- %TEMP%\nsn9445.tmp\2345Explorer_329242_silence.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\RPVdkjL[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\RPVdkkg[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\RPVdFiq[1]
- %TEMP%\nsn9445.tmp\jj_auto.exe
- %TEMP%\nsn9445.tmp\i.rar
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\iplookup[1].php
- %TEMP%\nsn9445.tmp\Base64.dll
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\7185bdf1gw1ejbd45mfznj208c0bxwfk[1].jpg
- %TEMP%\nsn9445.tmp\nsProcess.dll
- %TEMP%\nsn9445.tmp\System.dll
- %TEMP%\nsh9434.tmp
- %PROGRAM_FILES%\LevinISO\Unload.exe
- %TEMP%\nsn9445.tmp\Inetc.dll
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LevinISO\Unload.lnk
- %TEMP%\nsn9445.tmp\fbb2.jpg
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\RPVgvap[1]
- %HOMEPATH%\Desktop\Intrenet Explorer.lnk
- %TEMP%\nsn9445.tmp\9377chiyue_Y_mgaz.exe
- %TEMP%\nsn9445.tmp\F0708_s_30791.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\RP6nRGo[1]
- %TEMP%\nsn9445.tmp\setup_3386.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\RPVd16s[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\RPO5wYF[1]
- %APPDATA%\Roaming\Mozilla\Firefox\Profiles\zp7tnb55.default\prefs-1.js
- %TEMP%\nsn9445.tmp\BaiduPlayerNetSetup_441.exe
- %TEMP%\nsn9445.tmp\Inetc.dll
- %TEMP%\nsn9445.tmp\ins1256858.exe
- %TEMP%\nsn9445.tmp\ExecCmd.dll
- %TEMP%\nsn9445.tmp\fbb2.jpg
- %TEMP%\nsn9445.tmp\jj_auto.exe
- %TEMP%\nsn9445.tmp\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
- %TEMP%\nsn9445.tmp\System.dll
- %TEMP%\nsn9445.tmp\nsProcess.dll
- %TEMP%\nsn9445.tmp\setup_3386.exe
- %TEMP%\nsn9445.tmp\Base64.dll
- <LS_APPDATA>\Mozilla\Firefox\Profiles\zp7tnb55.default\urlclassifier3.sqlite-journal
- %TEMP%\nsn9445.tmp\F0708_s_30791.exe
- %TEMP%\nsiF3D.tmp\ShellLink.dll
- %TEMP%\nsiF3D.tmp\System.dll
- %APPDATA%\Roaming\Mozilla\Firefox\Profiles\zp7tnb55.default\downloads.sqlite-journal
- %TEMP%\nsn9445.tmp\9377chiyue_Y_mgaz.exe
- %TEMP%\nsn9445.tmp\BaiduPlayerNetSetup_441.exe
- %TEMP%\nsn9445.tmp\G0630_s_70885.exe
- %TEMP%\nsn9445.tmp\2345Explorer_329242_silence.exe
- from %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\UZT5H41ASVCJR4NOX5HN.temp to %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\661ab0ff87cd11.customDestinations-ms
- 'localhost':49163
- 'f.###iweixiu.cn':80
- 'fx####s.mozilla.com':80
- 'localhost':49161
- 'in#.###ol.sina.com.cn':80
- 'ww#.#inaimg.cn':80
- 't.#n':80
- t.#n/RPVdkjL
- t.#n/RPWoh2l
- fx####s.mozilla.com/en-US/firefox/headlines.xml
- t.#n/RPVdFrE
- t.#n/RPVdFiq
- t.#n/RPVdkkg
- f.###iweixiu.cn/<Auxiliary name>.exe/pptv.css
- t.#n/RPVd16s
- ww#.#inaimg.cn/large/7185bdf1gw1ejbd45mfznj208c0bxwfk.jpg
- in#.###ol.sina.com.cn/iplookup/iplookup.php
- t.#n/RP6nRGo
- t.#n/RPVgvap
- t.#n/RPO5wYF
- DNS ASK f.###iweixiu.cn
- DNS ASK fx####s.mozilla.com
- DNS ASK t.#n
- DNS ASK in#.###ol.sina.com.cn
- DNS ASK ww#.#inaimg.cn
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: 'FirefoxMessageWindow' WindowName: ''