Technical Information
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\dl8ce3.tmp
- %TEMP%\tbad10.tmp
- %WINDIR%\temp\exttools.dll
- 'wb###ong.com':80
- 'v1.#nzz.com':443
- 'wb##.#####n-hangzhou.aliyuncs.com':80
- '00##.#bxitong.com':443
- http://wb###ong.com/tongji/tongji.php?us###############################
- http://wb###ong.com/success.php
- http://00##.#bxitong.com/0007.html
- http://wb###ong.com/tz_interval2.php
- http://wb###ong.com/win7mode.php
- http://wb###ong.com/lk_secs.php
- http://wb###ong.com/tasknum.php
- http://wb###ong.com/fetchtbsim.php
- http://wb##.#####n-hangzhou.aliyuncs.com/tbsim.exe
- 'v1.#nzz.com':443
- 'wb###ong.com':443
- DNS ASK wb###ong.com
- DNS ASK 00##.#bxitong.com
- DNS ASK v1.#nzz.com
- DNS ASK wb##.#####n-hangzhou.aliyuncs.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%TEMP%\tbad10.tmp'
- '%WINDIR%\syswow64\svchost.exe' (with hidden window)
- '%TEMP%\tbad10.tmp' (with hidden window)
- '%WINDIR%\syswow64\svchost.exe'