Technical Information
- [<HKLM>\System\CurrentControlSet\Services\QQ°²È«·À»¤½ø³Ì£¨Q¶Ü£©] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\QQ°²È«·À»¤½ø³Ì£¨Q¶Ü£©] 'ImagePath' = '<SYSTEM32>\QQProtect.exe'
- 'QQ°²È«·À»¤½ø³Ì£¨Q¶Ü£©' <SYSTEM32>\QQProtect.exe
- %WINDIR%\syswow64\qqprotect.exe
- C:\4932.vbs
- %WINDIR%\syswow64\qqprotect.exe
- C:\4932.vbs
- '11#.#31.63.227':21
- '%WINDIR%\syswow64\qqprotect.exe'
- '%WINDIR%\syswow64\qqprotect.exe' Win7
- '%WINDIR%\syswow64\wscript.exe' "C:\4932.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\4932.vbs"' (with hidden window)