from %PROGRAM_FILES%\tmp.tmp to %PROGRAM_FILES%\Internet Explorer\SqlServer.exe
from <Full path to virus> to %PROGRAM_FILES%\tmp.tmp
Network activity:
Connects to:
'qq####7888.vicp.cc':3660
UDP:
DNS ASK qq####7888.vicp.cc
Miscellaneous:
Searches for the following windows:
ClassName: 'RegEdit_RegEdit' WindowName: ''