Technical Information
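- The two registry values below define a Windows service named '360.com'. 'Start' = 2 is the automatic-start setting, so the service is launched at every boot, and 'ImagePath' points to a file with a .com extension in the system directory. On 64-bit Windows a 32-bit process writing to <SYSTEM32> is redirected to %WINDIR%\syswow64, which likely explains the syswow64 path listed further down.
- [<HKLM>\System\CurrentControlSet\Services\360.com] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\360.com] 'ImagePath' = '<SYSTEM32>\360.com'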
- '360.com' <SYSTEM32>\360.com
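- The window class names and titles below belong to debugging and system-monitoring tools (OllyDbg, File Monitor, Process Monitor, Registry Monitor); 'GBDYLLO' is 'OLLYDBG' reversed. The listing does not state why they appear, but entries of this kind are presumably windows the sample searches for to detect that it is being analysed.
- ClassName: 'OLLYDBG', WindowName: ''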
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- %WINDIR%\syswow64\360.com
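- Network indicators: a remote host on port 8880 and a DNS query for the same name. The '#' characters are not valid in a hostname and appear to mask part of the name in this listing, so match on the visible prefix and suffix under the f3322.net domain rather than on the literal string.
- 'xi####io.f3322.net':8880
- DNS ASK xi####io.f3322.net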
- ClassName: '18467-41', WindowName: ''
- '%WINDIR%\syswow64\360.com'
- '%WINDIR%\syswow64\360.com' Win7
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> > nul