Technical Information
- %TEMP%\11.exe
- %TEMP%\svchost.tmp
- %WINDIR%\linkinfo.dll
- %TEMP%\11.exe
- %TEMP%\svchost.tmp
- from <Full path to file> to <Current directory>\87i3isx.exe
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%TEMP%\svchost.tmp'
- '%TEMP%\svchost.tmp' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c rundll32.exe %WINDIR%\linkinfo.dll hi (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c rundll32.exe %WINDIR%\linkinfo.dll hi
- '%WINDIR%\syswow64\rundll32.exe' %WINDIR%\linkinfo.dll hi