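Technical Information
The group headings of this report are missing in this copy. In order, the entries below are: command lines of launched processes, file-system paths, remote hosts with ports, requested URLs, DNS queries, and window class names. Most of the %WINDIR%\Installer\MSI*.tmp files, C:\Config.Msi\360d2.rbs and %TEMP%\dlf5481.tmp are listed twice; the second listing presumably marks files that were deleted again (confirm against the original report). Host names and IP addresses are partially masked with '#' as published, so they cannot be used as exact match values. Directory names such as nso6.tmp and nsl3.tmp look like per-run temporary names, and the msiexec, %WINDIR%\Installer, CryptnetUrlCache and crl.microsoft.com entries are consistent with the silent vcredist.msi install and a certificate revocation check. Those entries are weak indicators on their own compared with the LuaRT directory under %APPDATA%\Common, mISM.exe with its -ctid argument, and the time.php request.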
- '%TEMP%\nso6.tmp\mISM.exe' -ctid=CT3121204
- '%TEMP%\nsl3.tmp\setup.exe' /S
- '%TEMP%\nso6.tmp\mISM.exe' (downloaded from the Internet)
- '<SYSTEM32>\msiexec.exe' -Embedding B7E95149FC2753A44324A485F1A88A24
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\nso6.tmp\vcredist.msi" /qn
- %APPDATA%\Common\LuaRT\json\encode\number.lua
- %APPDATA%\Common\LuaRT\json\encode\object.lua
- %APPDATA%\Common\LuaRT\json\encode\calls.lua
- %APPDATA%\Common\LuaRT\json\decode\util.lua
- %APPDATA%\Common\LuaRT\json\encode\array.lua
- %APPDATA%\Common\LuaRT\json\encode\strings.lua
- %APPDATA%\Common\LuaRT\luasql\sqlite3.dll
- %APPDATA%\Common\LuaRT\json\encode\output_utility.lua
- %APPDATA%\Common\LuaRT\json\encode\others.lua
- %APPDATA%\Common\LuaRT\json\encode\output.lua
- %APPDATA%\Common\LuaRT\json\decode\strings.lua
- %APPDATA%\Common\LuaRT\json\encode.lua
- %APPDATA%\Common\LuaRT\json\util.lua
- %APPDATA%\Common\LuaRT\json\decode.lua
- %APPDATA%\Common\LuaRT\alien\core.dll
- %APPDATA%\Common\LuaRT\alien\struct.dll
- %APPDATA%\Common\LuaRT\json\decode\object.lua
- %APPDATA%\Common\LuaRT\json\decode\others.lua
- %APPDATA%\Common\LuaRT\json\decode\number.lua
- %APPDATA%\Common\LuaRT\json\decode\array.lua
- %APPDATA%\Common\LuaRT\json\decode\calls.lua
- %WINDIR%\Installer\MSID.tmp
- %WINDIR%\Installer\MSIE.tmp
- %WINDIR%\Installer\MSIC.tmp
- %WINDIR%\Installer\MSIA.tmp
- %WINDIR%\Installer\MSIB.tmp
- C:\Config.Msi\360d2.rbs
- %WINDIR%\Installer\MSI14.tmp
- %WINDIR%\Installer\MSI11.tmp
- %WINDIR%\Installer\MSI10.tmp
- %WINDIR%\Installer\MSIF.tmp
- %WINDIR%\Installer\MSI9.tmp
- %APPDATA%\Common\LuaRT\socket\url.lua
- %TEMP%\nso6.tmp\vcredist.msi
- %APPDATA%\Common\LuaRT\socket\http.lua
- %APPDATA%\Common\LuaRT\mime\core.dll
- %APPDATA%\Common\LuaRT\socket\core.dll
- %WINDIR%\Installer\MSI7.tmp
- %WINDIR%\Installer\MSI8.tmp
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
- %WINDIR%\Installer\360ce.msi
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
- %APPDATA%\Common\LuaRT\debug_ext.lua
- %APPDATA%\Common\LuaRT\debug_init.lua
- %APPDATA%\Common\LuaRT\base.lua
- %TEMP%\nso6.tmp\userid.dll
- %APPDATA%\Common\LuaRT\alien.lua
- %APPDATA%\Common\LuaRT\lfs.dll
- %APPDATA%\Common\LuaRT\list.lua
- %APPDATA%\Common\LuaRT\json.lua
- %APPDATA%\Common\LuaRT\getopt.lua
- %APPDATA%\Common\LuaRT\io_ext.lua
- %TEMP%\nso6.tmp\mISM.exe
- %TEMP%\nso6.tmp\checktime.dll
- %TEMP%\nso6.tmp\System.dll
- %TEMP%\nst5.tmp
- %TEMP%\nsp2.tmp
- %TEMP%\nsl3.tmp\setup.exe
- %TEMP%\nso6.tmp\inetc.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\mism[1].exe
- %APPDATA%\Sample Program\install.log
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\time[1].php
- %TEMP%\dlf5481.tmp
- %APPDATA%\Common\LuaRT\string_ext.lua
- %APPDATA%\Common\LuaRT\table_ext.lua
- %APPDATA%\Common\LuaRT\strbuf.lua
- %APPDATA%\Common\LuaRT\socket.lua
- %APPDATA%\Common\LuaRT\std.lua
- %APPDATA%\Common\LuaRT\Microsoft.VC80.CRT\msvcp80.dll
- %APPDATA%\Common\LuaRT\Microsoft.VC80.CRT\msvcr80.dll
- %APPDATA%\Common\LuaRT\Microsoft.VC80.CRT\msvcm80.dll
- %APPDATA%\Common\LuaRT\tree.lua
- %APPDATA%\Common\LuaRT\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
- %APPDATA%\Common\LuaRT\set.lua
- %APPDATA%\Common\LuaRT\lua5.1.dll
- %APPDATA%\Common\LuaRT\lua51.dll
- %APPDATA%\Common\LuaRT\lua.exe
- %APPDATA%\Common\LuaRT\lpeg.dll
- %APPDATA%\Common\LuaRT\ltn12.lua
- %APPDATA%\Common\LuaRT\modules.lua
- %APPDATA%\Common\LuaRT\package_ext.lua
- %APPDATA%\Common\LuaRT\mime.lua
- %APPDATA%\Common\LuaRT\luacom.dll
- %APPDATA%\Common\LuaRT\math_ext.lua
- %WINDIR%\Installer\MSI10.tmp
- %WINDIR%\Installer\MSIE.tmp
- %WINDIR%\Installer\MSID.tmp
- C:\Config.Msi\360d2.rbs
- %WINDIR%\Installer\MSIF.tmp
- %WINDIR%\Installer\MSI11.tmp
- %WINDIR%\Installer\MSIC.tmp
- %WINDIR%\Installer\MSI8.tmp
- %WINDIR%\Installer\MSI7.tmp
- %TEMP%\dlf5481.tmp
- %WINDIR%\Installer\MSIB.tmp
- %WINDIR%\Installer\MSIA.tmp
- %WINDIR%\Installer\MSI9.tmp
- 'st####e.conduit.com':80
- '20#.#6.232.182':80
- 'localhost':1035
- '9i##ta.com':80
- 20#.#6.232.182/pki/crl/products/CSPCA.crl
- st####e.conduit.com/ps/conduitinstaller/mini/mism.exe
- 9i##ta.com/time.php
- DNS ASK crl.microsoft.com
- DNS ASK st####e.conduit.com
- DNS ASK 9i##ta.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '#32770' WindowName: '(null)'