Technical Information
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'QQ°²È«ÖÐÐÄ' = 'C:\Users\Public\1.exe'
- [HKLM\System\CurrentControlSet\Services\CreateSvcRpc_796915] 'ImagePath' = 'reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v QQ°²È«ÖÐÐÄ /t REG_SZ /d "C:\Users\Public\1.exe" /f'
- 'CreateSvcRpc_796915' reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v QQ°²È«ÖÐÐÄ /t REG_SZ /d "C:\Users\Public\1.exe" /f
- <SYSTEM32>\reg.exe
- C:\users\public\proj.exe
- C:\users\public\1.exe
- '47.##1.11.103':80
- '47.##0.90.204':80
- '47.##0.90.204':3003
- http://47.##1.11.103/dsaf47.110.90.204.txt
- http://47.##0.90.204/mm.txt
- http://47.##0.90.204/m.txt
- 'C:\users\public\proj.exe'
- 'C:\users\public\1.exe'
- '%WINDIR%\syswow64\wbem\wmic.exe' process get ExecutablePath,Name (with hidden window)
- 'C:\users\public\1.exe' (with hidden window)
- '%WINDIR%\syswow64\wbem\wmic.exe' process get ExecutablePath,Name
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v QQ°²È«ÖÐÐÄ /t REG_SZ /d "C:\Users\Public\1.exe" /f