Technical Information
- '%TEMP%\update.exe'
- '%TEMP%\Tlbbx.exe'
- '<SYSTEM32>\net.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)"
- '<SYSTEM32>\net1.exe' stop cryptsvc
- '<SYSTEM32>\net1.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)"
- '<SYSTEM32>\net.exe' stop cryptsvc
- '<SYSTEM32>\sc.exe' config cryptsvc start= disabled
- '<SYSTEM32>\sc.exe' delete cryptsvc
- <SYSTEM32>\chinasougou.ime
- <SYSTEM32>\yumidimap.dll
- %TEMP%\Tlbbx.exe
- %TEMP%\update.exe
- 'localhost':1038
- '61.##4.48.75':19980
- DNS ASK jt.###t.91mof.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'CicLoaderWndClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TianLongBaBu WndClass' WindowName: ''