Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'name' = 'C:\Users\QQmini.exe'
- <SYSTEM32>\tasks\В№ГЁВёГЁГЁГ¼þéý¼¶·þîñ
- qqmini.exe
- C:\users\qqmini.exe
- C:\users\md5.png
- '22#.#86.21.35':8000
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- 'C:\users\qqmini.exe'
- '%WINDIR%\syswow64\cmd.exe' /c cmd.exe /c SCHTASKS /Create /SC ONSTART /TN ¹È¸èÈГ¼þÉý¼¶·þÎñ /TR C:\Users\QQmini.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cmd.exe /c SCHTASKS /Create /SC ONSTART /TN ¹È¸èÈГ¼þÉý¼¶·þÎñ /TR C:\Users\QQmini.exe
- '%WINDIR%\syswow64\cmd.exe' /c SCHTASKS /Create /SC ONSTART /TN ¹È¸èÈГ¼þÉý¼¶·þÎñ /TR C:\Users\QQmini.exe
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC ONSTART /TN ¹È¸èÈГ¼þÉý¼¶·þÎñ /TR C:\Users\QQmini.exe