Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'VMware System' = '%CommonProgramFiles%\VmwatA.exe'
- %TEMP%\server.exe
- %TEMP%\������.exe
- %TEMP%\gzip.dll
- %WINDIR%\syswow64\skinh_el.dll
- %CommonProgramFiles%\vmwata.exe
- http://tq.##isoft.com/index.php/Api/User/index
- DNS ASK tq.##isoft.com
- ClassName: '' WindowName: ''
- '%TEMP%\server.exe'
- '%TEMP%\������.exe'