Technical Information
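- [<HKLM>\software\Wow6432Node\microsoft\windows\CurrentVersion\Run] 'ϵͳÆô¶¯Ïî' = '%WINDIR%\QQ.exe' (autorun entry in the 32-bit registry view; the value name is mis-decoded text whose bytes appear to be GBK for '系统启动项', "system startup item", so it may display in either form depending on the host's code page)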
- %WINDIR%\libtcmalloc.dll
- %WINDIR%\libuv.dll
- %WINDIR%\qq.exe
- %WINDIR%\7z.exe.exe
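- %WINDIR%\linkinfo.dll (the genuine Windows linkinfo.dll resides in %WINDIR%\System32, so a copy in the %WINDIR% root is anomalous)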
- %WINDIR%\7z.exe.exe
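- DNS ASK 13####8b.nat123.cc (the '####' characters appear to be masking applied by the source report, so the full hostname cannot be recovered from this page)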
- ClassName: 'AutoHotkey' WindowName: '<Full path to file>'
- '%WINDIR%\qq.exe'
- '%WINDIR%\7z.exe.exe'
- '%WINDIR%\7z.exe.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c rundll32.exe %WINDIR%\linkinfo.dll hi (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c rundll32.exe %WINDIR%\linkinfo.dll hi
- '%WINDIR%\syswow64\rundll32.exe' %WINDIR%\linkinfo.dll hi