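Техническая информация
Примечание: символы «#» в именах доменов и в URL, по-видимому, скрывают часть знаков, поэтому такие записи неполны и не годятся для точного сопоставления. Имена файлов, включая написание «Adminstrator.exe», приведены в том виде, в каком они даны в отчёте.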
- <SYSTEM32>\cmd.exe /c """%TEMP%\Temp\Adminstrator.exe.bat"" "
- <SYSTEM32>\cmd.exe /c """%TEMP%\Temp\QQCar.exe.bat"" "
- %TEMP%\Temp\Adminstrator.exe.bat
- %PROGRAM_FILES%\VMware\VMware Tools\VMwareUser.exe
- %TEMP%\Temp\QQCar.exe.bat
- %TEMP%\Temp\QQCar.exe
- %TEMP%\Temp\Adminstrator.exe
- 'we#.#q-car.com':80
- we#.#q-car.com/qq.php?ac#####################
- DNS ASK ns.###3-domain.com
- DNS ASK we#.#q-car.com
- 'ns.###3-domain.com':8000
- ClassName: 'Shell_TrayWnd' WindowName: ''