Техническая информация
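Изменения в реестре (автозапуск):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'QiyeBit' = 'QiyeBit:\Boot.ini'
- [<HKLM>\SOFTWARE\Classes\QiyeBit\shell\open\command] '' = 'Rundll32 shell32.dll,ShellExec_RunDLLA "<SYSTEM32>\bits\rundll32.exe"'
Примечание: значение RunOnce, по-видимому, ссылается на класс QiyeBit, команда открытия которого (shell\open\command) через штатный Rundll32 запускает '<SYSTEM32>\bits\rundll32.exe'. Этот файл находится в подкаталоге bits, а не в стандартном расположении <SYSTEM32>\rundll32.exe; при проверке системы следует искать оба ключа реестра и сам файл.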
Запускаемые процессы (судя по формату записей):
- '<SYSTEM32>\bits\rundll32.exe'
- '<SYSTEM32>\PING.EXE' 127.1 -n 1
- '<SYSTEM32>\conhost.exe'
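Файлы в файловой системе:
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\x[1].asp
- <SYSTEM32>\bits\rundll32.exe
Примечание: x[1].asp лежит в кэше Internet Explorer и, вероятно, является сохранённым ответом на запрос x.asp из этого же отчёта; имя подкаталога кэша (BOWDBRP7) формируется случайно и не годится как индикатор.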
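Сетевая активность (символы '#' — маскировка части значения в исходном отчёте):
- 'bi#.#etshell.cc':80
- bi#.#etshell.cc/x.asp?la########
- DNS ASK bi#.#etshell.cc
- '22#.0.0.252':5355
Примечание: порт 5355 соответствует LLMNR — штатному разрешению имён Windows в локальной сети; эта запись, скорее всего, отражает фоновую активность системы, а не обращение к управляющему серверу.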