Technical Information
- '' (downloaded from the Internet)
- %TEMP%\nsa2.tmp\System.dll
- %TEMP%\1.gif
- %TEMP%\nsa2.tmp\Inetc.dll
- %TEMP%\1.zip
- %TEMP%\nsa2.tmp\Base64.dll
- %TEMP%\nsa2.tmp\NsRandom.dll
- %TEMP%\21.tmp
- %TEMP%\nsa2.tmp\ZipDLL.dll
- %TEMP%\install1078565.exe
- %TEMP%\23.tmp
- %TEMP%\nsa2.tmp\ExecCmd.dll
- 'pv.#ohu.com':80
- 't.#n':80
- 'do#####d.suxiazai.com':80
- http://pv.#ohu.com/cityjson
- http://t.#n/RLQ3pj3
- http://do#####d.suxiazai.com/for_down/2013/install1078565.exe
- http://t.#n/RL5BJq0
- DNS ASK pv.#ohu.com
- DNS ASK t.#n
- DNS ASK do#####d.suxiazai.com
- ClassName: '#32770' WindowName: ''
- '%TEMP%\install1078565.exe'
- '<SYSTEM32>\cmd.exe' /C copy /b "%TEMP%\KeLe2014Beta3.6.2Promote0714_20090195130.exe" + "%WINDIR%\Fonts\verdana.ttf" "%TEMP%\KeLe2014Beta3.6.2Promote0714_20090195130.exe"