Техническая информация
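- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQdoctorRtp.exe] 'debugger' = '"%ProgramFiles%\360\360safe\360Safe.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe] 'debugger' = '"%ProgramFiles%\360\360safe\360Safe.exe"'
  Примечание: параметр 'debugger' в ключе Image File Execution Options заставляет Windows при запуске указанного файла (здесь QQdoctorRtp.exe и 360sd.exe) запускать вместо него заданную программу. Вместе с принудительным завершением 360sd.exe через taskkill это, по-видимому, должно мешать работе этих процессов. При проверке системы стоит просмотреть подразделы этого ключа на наличие посторонних значений 'debugger'.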
- '<SYSTEM32>\ping.exe' -n 1 g-cn.8800.org
- '<SYSTEM32>\ping.exe' -n 1 b-cn.8800.org
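- '<SYSTEM32>\findstr.exe' /m /c:"111.111.111.2 www.ba##u.com" "<DRIVERS>\etc\hosts"
  Примечание: findstr с ключами /m и /c: ищет в файле hosts точную строку, то есть проверяется, присутствует ли в файле запись, сопоставляющая домен с адресом 111.111.111.2. Наличие такой записи в hosts — признак, который стоит проверить при разборе инцидента.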
- '<SYSTEM32>\taskkill.exe' /f /im 360sd.exe
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\win32.bat""
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe" /v debugger /d """"%ProgramFiles%\360\360safe\360Safe.exe"""" /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQdoctorRtp.exe" /v debugger /d """"%ProgramFiles%\360\360safe\360Safe.exe"""" /f
- %TEMP%\exe1.tmp
- %TEMP%\win32.bat
- <SYSTEM32>\winsd.inf
- <Текущая директория>\a.txt
- %TEMP%\gg.ico
- %TEMP%\bd.ico
- %TEMP%\Internet Explore.url
- %TEMP%\Internet Explore.exe
- <Текущая директория>\a.txt
- <Текущая директория>\a.txt
- DNS ASK b-##.8800.org
- DNS ASK g-##.8800.org
- ClassName: '' WindowName: ''