Technical Information
- [HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe%WINDIR%\QQMusic.exe'
- %WINDIR%\qqmusic.exe
- C:\mytemp
- C:\mytemp
- '22#.#8.194.164':22333
- DNS ASK mo###.3322.org
- '%WINDIR%\qqmusic.exe'