Technical Information
- [<HKLM>\System\CurrentControlSet\Services\s01083473] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\s01083473] 'ImagePath' = '%WINDIR%\s01083473'
- 's01083473' %WINDIR%\s01083473
- '%ProgramFiles%\internet explorer\iexplore.exe' http://to#####.bjbaishun.com/index.htm
- %WINDIR%\s01083473
- %WINDIR%\temp\udd95b9.tmp
- %WINDIR%\temp\udd95b9.tmp
- from <Full path to file> to %WINDIR%\s01083473.tmp
- DNS ASK to#####.bjbaishun.com
- DNS ASK li#.##baishun.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'Static' WindowName: ''
- '%ProgramFiles%\internet explorer\iexplore.exe' http://to#####.bjbaishun.com/index.htm' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del "<Full path to file>' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del "<Full path to file>