Technical Information
- '%TEMP%\nse3.tmp\KeLe2014Beta3.6.2Promote0326_20090195130.exe' (downloaded from the Internet)
- '%TEMP%\nse3.tmp\KeLe2014Beta3.6.2Promote0326_20090195130.exe'
- '<SYSTEM32>\cmd.exe' /C copy /b "KeLe2014Beta3.6.2Promote0326_20090195130.exe" + "%WINDIR%\Fonts\SIMSUN.TTC" "KeLe2014Beta3.6.2Promote0326_20090195130.exe"
- %TEMP%\nse2.tmp
- 'xi###i.9377.com':80
- 'd.###005.com':80
- 'pv.#ohu.com':80
- http://xi###i.9377.com/20150526/zzaz_01.exe
- http://d.###005.com/TG/KeLe2014Beta3.6.2Promote0326_20090195130.exe
- http://pv.#ohu.com/cityjson
- DNS ASK xi###i.9377.com
- DNS ASK d.###005.com
- DNS ASK pv.#ohu.com
- ClassName: 'Shell_TrayWnd' WindowName: ''