Trojan.Siggen29.36179

Technical Information

To ensure autorun and distribution

Creates or modifies the following files

<SYSTEM32>\tasks\fystore

Modifies file system

Creates the following files

%TEMP%\evb4cc9.tmp
C:\fystore\bmp\{90140000-001b-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-001a-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0019-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0018-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0016-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0015-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0011-0000-1000-0000000ff1ce}_office14.proplus_{10c9c7c6-7d13-4b15-8118-ef2e56129fc4}oarpmany.exe.png
C:\fystore\bmp\winrar archiveruninstall.exe.png
C:\fystore\bmp\office14.proplussetup.exe.png
C:\fystore\bmp\mozilla thunderbird 78.9.1 (x64 en-us)helper.exe.png
C:\fystore\bmp\mozilla firefox 78.0.2 (x64 en-us)helper.exe.png
C:\fystore\bmp\microsoft .net framework 4 extendedsetup.exe.png
C:\fystore\bmp\microsoft .net framework 4 client profilesetup.exe.png
C:\fystore\localstorage\http_api.00nb.cn.localstorage
%TEMP%\evb20a0.tmp
%TEMP%\fystore.nlfarlufkwdt.user.log.info.20240906-210355.2640
%TEMP%\evb552.tmp
C:\fystore\bmp\{90140000-001f-0409-1000-0000000ff1ce}_office14.proplus_{0242505c-4e90-407f-9299-b5b275f50d86}oarpmany.exe.png
C:\fystore\bmp\{90140000-001f-040c-1000-0000000ff1ce}_office14.proplus_{b51389c8-2890-4633-81d8-47d2a7402274}oarpmany.exe.png
C:\fystore\bmp\{90140000-001f-0c0a-1000-0000000ff1ce}_office14.proplus_{1779650b-2e44-4a19-8df6-3866d645764a}oarpmany.exe.png
C:\fystore\bmp\{90140000-002c-0409-1000-0000000ff1ce}_office14.proplus_{270ca0b9-9881-44db-bc3b-37c7e66a044a}oarpmany.exe.png
C:\fystore\bmp\fystorefystore.exe.png
C:\fystore\bmp\{fd9b6070-d13e-45dc-819b-41806bf45b6b}vc_redist.x64.exe.png
C:\fystore\bmp\{f65db027-aff3-4070-886a-0d87064aabb1}vcredist_x86.exe.png
C:\fystore\bmp\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}vcredist_x64.exe.png
C:\fystore\bmp\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}vc_redist.x86.exe.png
C:\fystore\bmp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}vcredist_x86.exe.png
C:\fystore\bmp\{295d1583-fdb9-414b-a4c8-da539362a26b}vc_redist.x64.exe.png
C:\fystore\bmp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}vcredist_x64.exe.png
C:\fystore\bmp\opera 29.0.1795.47launcher.exe.png
C:\fystore\bmp\steamuninstall.exe.png
C:\fystore\bmp\{90140000-0117-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0115-0409-1000-0000000ff1ce}_office14.proplus_{516ca4a9-98e6-4f77-a863-cbd8487368e4}oarpmany.exe.png
C:\fystore\bmp\{90140000-00ba-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-00a1-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-006e-0409-1000-0000000ff1ce}_office14.proplus_{516ca4a9-98e6-4f77-a863-cbd8487368e4}oarpmany.exe.png
C:\fystore\bmp\{90140000-0044-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0043-0409-1000-0000000ff1ce}_office14.proplus_{fcd1c311-8b02-4dbd-ba46-1079c629577e}oarpmany.exe.png
C:\fystore\bmp\{90140000-0043-0000-1000-0000000ff1ce}_office14.proplus_{e8b6d35b-0b6f-4dce-9493-859bf3809a7f}oarpmany.exe.png
C:\fystore\bmp\google chromesetup.exe.png
%TEMP%\evb4a6.tmp
%TEMP%\evb495.tmp
%TEMP%\evb475.tmp
%TEMP%\evb6807.tmp
%TEMP%\evb67f7.tmp
%TEMP%\evb67e6.tmp
%TEMP%\evb67d6.tmp
%TEMP%\evb67b5.tmp
%TEMP%\evb6786.tmp
%TEMP%\evb6746.tmp
%TEMP%\evb6726.tmp
%TEMP%\evb65dd.tmp
%TEMP%\evb65cd.tmp
%TEMP%\evb65ad.tmp
%TEMP%\evb638a.tmp
%TEMP%\evb628f.tmp
%TEMP%\evb627e.tmp
%TEMP%\evb61d2.tmp
%TEMP%\evb4d67.tmp
%TEMP%\evb4d08.tmp
%TEMP%\evb6818.tmp
%TEMP%\evb6829.tmp
%TEMP%\evb6ae8.tmp
%TEMP%\fystore.nlfarlufkwdt.user.log.info.20240906-210313.468
%TEMP%\evb435.tmp
%TEMP%\evb424.tmp
%TEMP%\evb3e5.tmp
%TEMP%\evb376.tmp
%TEMP%\evb356.tmp
%TEMP%\evb336.tmp
%TEMP%\evb325.tmp
%TEMP%\evb2e6.tmp
%TEMP%\evb286.tmp
%TEMP%\evb2b6.tmp
%TEMP%\evb266.tmp
%TEMP%\evb236.tmp
%TEMP%\evb216.tmp
%TEMP%\evb14a.tmp
%TEMP%\evb13a.tmp
%TEMP%\evbcc.tmp
C:\fystore\fystore.exe
%TEMP%\evb877d.tmp
%TEMP%\evb464.tmp
C:\fystore\bmp\{53f49750-6209-4fbf-9ca8-7a333c87d1ed}_is1unins000.exe.png

Deletes the following files

%TEMP%\evb4cc9.tmp
C:\fystore\bmp\{90140000-001a-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-001b-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-001f-0409-1000-0000000ff1ce}_office14.proplus_{0242505c-4e90-407f-9299-b5b275f50d86}oarpmany.exe.png
C:\fystore\bmp\{90140000-001f-040c-1000-0000000ff1ce}_office14.proplus_{b51389c8-2890-4633-81d8-47d2a7402274}oarpmany.exe.png
C:\fystore\bmp\{90140000-001f-0c0a-1000-0000000ff1ce}_office14.proplus_{1779650b-2e44-4a19-8df6-3866d645764a}oarpmany.exe.png
C:\fystore\bmp\{90140000-002c-0409-1000-0000000ff1ce}_office14.proplus_{270ca0b9-9881-44db-bc3b-37c7e66a044a}oarpmany.exe.png
C:\fystore\bmp\{90140000-0043-0000-1000-0000000ff1ce}_office14.proplus_{e8b6d35b-0b6f-4dce-9493-859bf3809a7f}oarpmany.exe.png
C:\fystore\bmp\{90140000-0043-0409-1000-0000000ff1ce}_office14.proplus_{fcd1c311-8b02-4dbd-ba46-1079c629577e}oarpmany.exe.png
C:\fystore\bmp\{90140000-0044-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-006e-0409-1000-0000000ff1ce}_office14.proplus_{516ca4a9-98e6-4f77-a863-cbd8487368e4}oarpmany.exe.png
C:\fystore\bmp\{90140000-00a1-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0018-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0019-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-00ba-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\opera 29.0.1795.47launcher.exe.png
C:\fystore\bmp\steamuninstall.exe.png
C:\fystore\bmp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}vcredist_x64.exe.png
C:\fystore\bmp\{295d1583-fdb9-414b-a4c8-da539362a26b}vc_redist.x64.exe.png
C:\fystore\bmp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}vcredist_x86.exe.png
C:\fystore\bmp\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}vc_redist.x86.exe.png
C:\fystore\bmp\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}vcredist_x64.exe.png
C:\fystore\bmp\{f65db027-aff3-4070-886a-0d87064aabb1}vcredist_x86.exe.png
C:\fystore\bmp\{fd9b6070-d13e-45dc-819b-41806bf45b6b}vc_redist.x64.exe.png
C:\fystore\bmp\fystorefystore.exe.png
C:\fystore\bmp\google chromesetup.exe.png
C:\fystore\bmp\{90140000-0115-0409-1000-0000000ff1ce}_office14.proplus_{516ca4a9-98e6-4f77-a863-cbd8487368e4}oarpmany.exe.png
C:\fystore\bmp\{90140000-0117-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0016-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0015-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0011-0000-1000-0000000ff1ce}_office14.proplus_{10c9c7c6-7d13-4b15-8118-ef2e56129fc4}oarpmany.exe.png
%TEMP%\evb4d67.tmp
%TEMP%\evb61d2.tmp
%TEMP%\evb627e.tmp
%TEMP%\evb628f.tmp
%TEMP%\evb638a.tmp
%TEMP%\evb65ad.tmp
%TEMP%\evb65cd.tmp
%TEMP%\evb65dd.tmp
%TEMP%\evb6726.tmp
%TEMP%\evb6746.tmp
%TEMP%\evb6786.tmp
%TEMP%\evb67b5.tmp
%TEMP%\evb4d08.tmp
%TEMP%\evb67d6.tmp
%TEMP%\evb67f7.tmp
%TEMP%\evb6807.tmp
%TEMP%\evb6818.tmp
%TEMP%\evb6829.tmp
%TEMP%\evb6ae8.tmp
%TEMP%\evb877d.tmp
C:\fystore\bmp\microsoft .net framework 4 client profilesetup.exe.png
C:\fystore\bmp\microsoft .net framework 4 extendedsetup.exe.png
C:\fystore\bmp\mozilla firefox 78.0.2 (x64 en-us)helper.exe.png
C:\fystore\bmp\mozilla thunderbird 78.9.1 (x64 en-us)helper.exe.png
C:\fystore\bmp\office14.proplussetup.exe.png
C:\fystore\bmp\winrar archiveruninstall.exe.png
%TEMP%\evb67e6.tmp
C:\fystore\bmp\{53f49750-6209-4fbf-9ca8-7a333c87d1ed}_is1unins000.exe.png
C:\fystore\localstorage\http_api.00nb.cn.localstorage

Substitutes the following files

C:\fystore\bmp\fystorefystore.exe.png
C:\fystore\bmp\{90140000-0044-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-006e-0409-1000-0000000ff1ce}_office14.proplus_{516ca4a9-98e6-4f77-a863-cbd8487368e4}oarpmany.exe.png
C:\fystore\bmp\{90140000-00a1-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-00ba-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0115-0409-1000-0000000ff1ce}_office14.proplus_{516ca4a9-98e6-4f77-a863-cbd8487368e4}oarpmany.exe.png
C:\fystore\bmp\{90140000-0117-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0011-0000-1000-0000000ff1ce}_office14.proplus_{10c9c7c6-7d13-4b15-8118-ef2e56129fc4}oarpmany.exe.png
C:\fystore\bmp\opera 29.0.1795.47launcher.exe.png
C:\fystore\bmp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}vcredist_x64.exe.png
C:\fystore\bmp\{295d1583-fdb9-414b-a4c8-da539362a26b}vc_redist.x64.exe.png
C:\fystore\bmp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}vcredist_x86.exe.png
C:\fystore\bmp\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}vc_redist.x86.exe.png
C:\fystore\bmp\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}vcredist_x64.exe.png
C:\fystore\bmp\{f65db027-aff3-4070-886a-0d87064aabb1}vcredist_x86.exe.png
C:\fystore\bmp\{90140000-0043-0000-1000-0000000ff1ce}_office14.proplus_{e8b6d35b-0b6f-4dce-9493-859bf3809a7f}oarpmany.exe.png
C:\fystore\bmp\{90140000-0043-0409-1000-0000000ff1ce}_office14.proplus_{fcd1c311-8b02-4dbd-ba46-1079c629577e}oarpmany.exe.png
C:\fystore\bmp\{90140000-002c-0409-1000-0000000ff1ce}_office14.proplus_{270ca0b9-9881-44db-bc3b-37c7e66a044a}oarpmany.exe.png
C:\fystore\bmp\{90140000-001f-0c0a-1000-0000000ff1ce}_office14.proplus_{1779650b-2e44-4a19-8df6-3866d645764a}oarpmany.exe.png
C:\fystore\bmp\{90140000-001f-040c-1000-0000000ff1ce}_office14.proplus_{b51389c8-2890-4633-81d8-47d2a7402274}oarpmany.exe.png
C:\fystore\bmp\{53f49750-6209-4fbf-9ca8-7a333c87d1ed}_is1unins000.exe.png
C:\fystore\bmp\microsoft .net framework 4 client profilesetup.exe.png
C:\fystore\bmp\microsoft .net framework 4 extendedsetup.exe.png
C:\fystore\bmp\mozilla firefox 78.0.2 (x64 en-us)helper.exe.png
C:\fystore\bmp\mozilla thunderbird 78.9.1 (x64 en-us)helper.exe.png
C:\fystore\bmp\office14.proplussetup.exe.png
C:\fystore\bmp\{fd9b6070-d13e-45dc-819b-41806bf45b6b}vc_redist.x64.exe.png
C:\fystore\bmp\steamuninstall.exe.png
C:\fystore\bmp\winrar archiveruninstall.exe.png
C:\fystore\bmp\{90140000-0016-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0018-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-0019-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-001a-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-001b-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\bmp\{90140000-001f-0409-1000-0000000ff1ce}_office14.proplus_{0242505c-4e90-407f-9299-b5b275f50d86}oarpmany.exe.png
C:\fystore\bmp\google chromesetup.exe.png
C:\fystore\bmp\{90140000-0015-0409-1000-0000000ff1ce}_office14.proplus_{ec583796-6bbb-47dd-b9ce-b5da12d71135}oarpmany.exe.png
C:\fystore\localstorage\http_api.00nb.cn.localstorage

Network activity

Connects to

'ap#.00nb.cn':80
'localhost':49195
'localhost':49198
'localhost':49201
'localhost':49215
'pc#.#timg.com':443

TCP

HTTP GET requests

http://ap#.00nb.cn//softManageFile/png/%e9%a3%8e%e4%ba%91%e8%bd%af%e4%bb%b6%e7%ae%a1%e5%ae%b6@2x_20230901172329.png
http://ap#.00nb.cn//softManageFile/jpg/YY%E8%AF%AD%E9%9F%B3100_20231115171712.jpg
http://ap#.00nb.cn//softManageFile/png/%E5%AD%A6%E4%B9%A0%E9%80%9A_20230928164546.png
http://ap#.00nb.cn//softManageFile/jpg/%E5%AD%A6%E4%B9%A0%E9%80%9A100_20231115171705.jpg
http://ap#.00nb.cn//softManageFile/icon/%E5%8A%9E%E5%85%AC/%E6%9C%89%E9%81%93%E4%BA%91%E7%AC%94%E8%AE%B0/1.png
http://ap#.00nb.cn//softManageFile/jpg/%E6%9C%89%E9%81%93%E4%BA%91%E7%AC%94%E8%AE%B0100_20231115171700.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E9%92%89%E9%92%89_20230907203158.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E9%92%89%E9%92%89100_20231115171653.jpg
http://ap#.00nb.cn//softManageFile/png/360anquanliulanqi_20230927172110.png
http://ap#.00nb.cn//softManageFile/jpg/360%E5%AE%89%E5%85%A8%E6%B5%8F%E8%A7%88%E5%99%A8100_20231115170956.jpg
http://ap#.00nb.cn//softManageFile/icon/%E8%A7%86%E9%A2%91/%E5%A4%AE%E8%A7%86%E5%BD%B1%E9%9F%B3/1.png
http://ap#.00nb.cn//softManageFile/png/Todesk_20230926170922.png
http://ap#.00nb.cn//softManageFile/jpg/%E5%8A%9E%E5%85%AC_20231115105627.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E8%B5%84%E8%AE%AF_20231115175344.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E5%A4%AE%E8%A7%86%E5%BD%B1%E9%9F%B3100_20231115170950.jpg
http://ap#.00nb.cn//softManageFile/jpg/todesk100_20231115170935.jpg
http://ap#.00nb.cn//softManageFile/jpg/YY%E8%AF%AD%E9%9F%B3_20230928163949.jpg
http://ap#.00nb.cn//softManageFile/png/%E6%8A%96%E9%9F%B3_20230927175550.png
http://ap#.00nb.cn//softManageFile/jpg/qq%E9%82%AE%E7%AE%B1_20231007170442.jpg
http://ap#.00nb.cn//softManageFile/icon/%E8%81%8A%E5%A4%A9/%E9%85%B7%E7%8B%97%E7%9B%B4%E6%92%AD/1.png
http://ap#.00nb.cn//softManageFile/icon/%E5%8A%9E%E5%85%AC/WPS%20office/1.png
http://ap#.00nb.cn//softManageFile/icon/%E6%B5%8F%E8%A7%88%E5%99%A8/UC%E6%B5%8F%E8%A7%88%E5%99%A8%20%E8%81%94%E6%83%B3%E7%89%88/1.png
http://ap#.00nb.cn//softManageFile/icon/%E5%89%AA%E8%BE%91/%E8%BD%AC%E7%A0%81%E5%AE%9D/1.png
http://ap#.00nb.cn//softManageFile/icon/%E6%A1%8C%E9%9D%A2/%E5%B0%8F%E5%90%AF%E5%A3%81%E7%BA%B8/1.png
http://ap#.00nb.cn//softManageFile/icon/%E5%8A%9E%E5%85%AC/%E9%A3%9E%E4%B9%A6%E4%BC%9A%E8%AE%AE%E5%AE%A4/1.png
http://ap#.00nb.cn//softManageFile/png/%E9%87%8E%E8%91%B1%E8%A7%86%E9%A2%91%E8%BD%AC%E6%8D%A2%E5%99%A8_20230928165802.png
http://ap#.00nb.cn//softManageFile/png/DoDo_20230928170310.png
http://ap#.00nb.cn//softManageFile/icon/%E6%A1%8C%E9%9D%A2/%E8%8A%92%E6%9E%9C%E5%A3%81%E7%BA%B8/1.png
http://ap#.00nb.cn//softManageFile/icon/%E7%BD%91%E7%BB%9C/%E4%B8%AD%E5%9B%BD%E7%A7%BB%E5%8A%A8%E4%BA%91%E7%9B%98/1.png
http://ap#.00nb.cn//softManageFile/icon/%E5%89%AA%E8%BE%91/%E7%A6%8F%E6%98%95%E8%A7%86%E9%A2%91%E5%8E%8B%E7%BC%A9%E5%A4%A7%E5%B8%88/1.png
http://ap#.00nb.cn//softManageFile/icon/%E5%89%AA%E8%BE%91/%E9%97%AA%E7%94%B5MP4%E8%A7%86%E9%A2%91%E8%BD%AC%E6%8D%A2%E7%8E%8B/1.png
http://ap#.00nb.cn//softManageFile/icon/%E5%89%AA%E8%BE%91/%E8%BF%85%E6%8D%B7%E8%A7%86%E9%A2%91%E5%89%AA%E8%BE%91%E8%BD%AF%E4%BB%B6/1.png
http://ap#.00nb.cn//softManageFile/icon/%E5%89%AA%E8%BE%91/%E7%88%B1%E6%8B%8D%E5%89%AA%E8%BE%91/1.png
http://ap#.00nb.cn//softManageFile/icon/%E5%8A%9E%E5%85%AC/%E6%94%BF%E5%8A%A1%E5%BE%AE%E4%BF%A1/1.png
http://ap#.00nb.cn//softManageFile/icon/%E8%BE%93%E5%85%A5%E6%B3%95/%E7%99%BE%E5%BA%A6%E8%BE%93%E5%85%A5%E6%B3%95%20%E8%81%94%E6%83%B3%E7%89%88/1.png
http://ap#.00nb.cn//softManageFile/jpg/%E6%B5%8F%E8%A7%88%E5%99%A8_20231115005919.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E6%8A%96%E9%9F%B3100_20231115171716.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E5%89%AA%E8%BE%91_20231115010137.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E6%96%B9%E5%9D%97%E5%8C%BA_%E7%94%BB%E6%9D%BF%201_20230918164334.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E6%96%B9%E5%9D%97%E5%8C%BA-03_20230918164418.jpg
http://ap#.00nb.cn//softManageFile/ico/%E9%A3%9E%E7%81%AB%E5%A3%81%E7%BA%B8_20240529152444.ico
http://ap#.00nb.cn//softManageFile/jpg/%E6%96%B9%E5%9D%97%E5%8C%BA-04_20230918164407.jpg
http://ap#.00nb.cn/assets/set_gary2-481f3563.png
http://ap#.00nb.cn/assets/MicrosoftYaHei-01-443f0aa8.ttf
http://ap#.00nb.cn/_
http://ap#.00nb.cn/assets/RecommenSoft-a4769558.js
http://ap#.00nb.cn/assets/RecommenSoft-2e47e756.css
http://ap#.00nb.cn/assets/polyfills-legacy-744d4e7a.js
http://ap#.00nb.cn/assets/index-2e8021be.css
http://ap#.00nb.cn/assets/index-f1f9291d.js
http://ap#.00nb.cn/
http://ap#.00nb.cn//softManageFile/db/base.db?ti##################
http://ap#.00nb.cn//softManageFile/png/install_bg_20230901174156.png
http://ap#.00nb.cn//softManageFile/png/logo_20230824154816.png
http://ap#.00nb.cn//softManageFile/jpg/%E6%96%B9%E5%9D%97%E5%8C%BA-02_20230918164429.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E6%96%97%E9%B1%BC_20231008175959.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E5%BE%AE%E4%BF%A1_20230907155949.jpg
http://ap#.00nb.cn//softManageFile/jpg/qq%E6%B5%8F%E8%A7%88%E5%99%A81_20231008180054.jpg
http://ap#.00nb.cn//softManageFile/png/QQ_20230906220549.png
http://ap#.00nb.cn//softManageFile/png/%E8%85%BE%E8%AE%AF%E6%96%87%E6%A1%A3_20230907193844.png
http://ap#.00nb.cn//softManageFile/png/%E7%BD%91%E6%98%93%E4%BA%91%E9%9F%B3%E4%B9%90_20230928154235.png
http://ap#.00nb.cn//softManageFile/jpg/%E8%85%BE%E8%AE%AF%E8%A7%86%E9%A2%91_20231113165259.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E6%8A%96%E9%9F%B3_20231113165255.jpg
http://ap#.00nb.cn//softManageFile/ico/%E9%A3%9E%E7%81%AB%E5%A3%81%E7%BA%B8_20240529150407.ico
http://ap#.00nb.cn//softManageFile/jpg/WPS_20231113165249.jpg
http://ap#.00nb.cn//softManageFile/jpg/QQ%E9%9F%B3%E4%B9%90_20231113165245.jpg
http://ap#.00nb.cn//softManageFile/jpg/360%E5%AE%89%E5%85%A8%E6%B5%8F%E8%A7%88%E5%99%A8_20231113165240.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E9%85%B7%E7%8B%97%E9%9F%B3%E4%B9%90_20230926172320.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E8%8A%92%E6%9E%9Ctv_20230926172331.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E8%85%BE%E8%AE%AF%E7%94%B5%E8%84%91%E7%AE%A1%E5%AE%B6_20230926172240.jpg
http://ap#.00nb.cn//softManageFile/jpg/QQmusic_20230926172356.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E5%BE%AE%E4%BF%A1_20230926172414.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E7%88%B1%E5%A5%87%E8%89%BA_20230926172423.jpg
http://ap#.00nb.cn//softManageFile/jpg/%E7%A4%BE%E4%BA%A4_20231115230011.jpg
http://ap#.00nb.cn//softManageFile/icon/%E5%8A%9E%E5%85%AC/WPS%20Office%202021/1.png

HTTP POST requests

http://ap#.00nb.cn/softManage/external/hotSearch
http://ap#.00nb.cn/softManage/external/recSoft
http://ap#.00nb.cn/softManage/external/softRecPopup

Other

'localhost':49195
'localhost':49196
'localhost':49198
'localhost':49199
'localhost':49201
'localhost':49202
'localhost':49215
'localhost':49216
'pc#.#timg.com':443

UDP

DNS ASK ap#.00nb.cn
DNS ASK pc#.#timg.com

Miscellaneous

Creates and executes the following

'C:\fystore\fystore.exe' <File name>.exe

Executes the following

'%WINDIR%\syswow64\cmd.exe' /c mkdir c:\softDown
'C:\fystore\fystore.exe' <File name>.exe' (with hidden window)

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней