Technical Information
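- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '581Ф¶іМ№ЬАн581' = '%WINDIR%\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Ф¶іМ№ЬАн' = '%WINDIR%\svchost.exe'
  (Note: 'Ф¶іМ№ЬАн' appears to be GBK-encoded Chinese text, 远程管理 "remote management", rendered through the Windows-1251 code page. The value name and the matching .inf file name may therefore look different on a system with another ANSI code page, so match on the RunOnce data '%WINDIR%\svchost.exe' as well as on the name.)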
- '%WINDIR%\svchost.exe' (not the location of the genuine Windows binary, which is <SYSTEM32>\svchost.exe)
- '%TEMP%\2117.exe'
- '<SYSTEM32>\rundll32.exe' setupapi,InstallHinfSection DefaultInstall 128 %WINDIR%\Ф¶іМ№ЬАн.inf
- '<SYSTEM32>\ping.exe' -n 6 127.0.0.1
- '<SYSTEM32>\cmd.exe' /c %TEMP%\xytp.bat
- %WINDIR%\svchost.exe
- %TEMP%\xytp.bat
- %WINDIR%\Ф¶іМ№ЬАн.inf
- %TEMP%\2117.exe
- %TEMP%\setup.log
- %WINDIR%\setup.log
- %WINDIR%\Ф¶іМ№ЬАн.inf
- %TEMP%\2117.exe
- 'qq#####59171.gicp.net':6688
- DNS ASK qq#####59171.gicp.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: '54yuanchengkongzhi15552' ("yuanchengkongzhi" appears to be pinyin for 远程控制, "remote control")