Техническая информация
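- Изменяет параметр 'debugger' в ключах Image File Execution Options (IFEO). Если этот параметр задан, Windows при запуске указанного исполняемого файла вместо него запускает программу из параметра, поэтому QQdoctorRtp.exe и 360sd.exe перестают запускаться штатно. Запись в IFEO\<имя файла>\debugger — надёжный признак для обнаружения такого вмешательства:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQdoctorRtp.exe] 'debugger' = '"%PROGRAM_FILES%\360\360safe\360Safe.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe] 'debugger' = '"%PROGRAM_FILES%\360\360safe\360Safe.exe"'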
- %TEMP%\step$rewer2\winnt32.exe
- %TEMP%\step$rewer2\z.exe
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQdoctorRtp.exe" /v debugger /d """"%PROGRAM_FILES%\360\360safe\360Safe.exe"""" /f
- <SYSTEM32>\taskkill.exe /f /im 360sd.exe
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe" /v debugger /d """"%PROGRAM_FILES%\360\360safe\360Safe.exe"""" /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\z.bat""
- <SYSTEM32>\cmd.exe /c ""%TEMP%\win32.bat""
- %TEMP%\bd.ico
- %TEMP%\step$rewer2\winnt32.exe
- %TEMP%\gg.ico
- %TEMP%\exe2.tmp
- %TEMP%\win32.bat
- %TEMP%\winnt32.exe
- %TEMP%\z.exe
- %TEMP%\z.bat
- %TEMP%\step$rewer2\z.exe
- %TEMP%\exe1.tmp
- %TEMP%\z.exe
- %TEMP%\winnt32.exe
- %TEMP%\z.bat
- %TEMP%\step$rewer2\winnt32.exe
- %TEMP%\step$rewer2\z.exe
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)