Техническая информация
- %PROGRAM_FILES%\Internet Explorer\carss.exe "%PROGRAM_FILES%\Internet Explorer\file.III" rukou
- <SYSTEM32>\xcopy.exe /y c:\1.txt <SYSTEM32>\GroupPolicy\Machine\Scripts\
- <SYSTEM32>\gpupdate.exe /force
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\sys.bat" "
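- <SYSTEM32>\xcopy.exe /y c:\gpt.txt <SYSTEM32>\GroupPolicy
  Примечание: копирование файлов в <SYSTEM32>\GroupPolicy и <SYSTEM32>\GroupPolicy\Machine\Scripts с последующим запуском gpupdate.exe /force, по-видимому, служит для закрепления в системе через сценарии локальной групповой политики. Изменения в этих каталогах и внеплановые запуски gpupdate стоит отслеживать.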
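- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments] 'SaveZoneInformation' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '*.bat'
  Примечание: оба параметра ослабляют защиту диспетчера вложений Windows. Значение SaveZoneInformation = 1 отключает сохранение сведений о зоне происхождения файла (Mark of the Web). LowRiskFileTypes = *.bat относит BAT-файлы к типам низкого риска, поэтому при их открытии предупреждение системы безопасности не выводится. При восстановлении системы эти значения следует проверить и вернуть к исходным.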
- <SYSTEM32>\GroupPolicy\gpt.txt
- C:\1.txt
- <SYSTEM32>\GroupPolicy\Machine\Scripts\1.txt
- %WINDIR%\xiaoyi.txt
- %HOMEPATH%\ntuser.pol
- C:\gpt.txt
- %TEMP%\114156_res.tmp
- %PROGRAM_FILES%\Internet Explorer\carss.exe
- %TEMP%\122859_res.tmp
- %PROGRAM_FILES%\sys.bat
- %PROGRAM_FILES%\Internet Explorer\360safe.lnk
- C:\gpt.txt
- C:\1.txt
- <SYSTEM32>\GroupPolicy\gpt.txt
- из C:\tmp.tmp в %PROGRAM_FILES%\Internet Explorer\QQ.exe
- из <Полный путь к вирусу> в C:\tmp.tmp
- 'pc######1118tvv.localdomain':445
- 'qq#####7833.3322.org':888
- DNS ASK pc######1118tvv.localdomain
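- DNS ASK qq#####7833.3322.org
  Примечание: порт 445 соответствует протоколу SMB. Домен 3322.org принадлежит службе динамического DNS, поэтому IP-адрес за этим именем может меняться. Для обнаружения надёжнее опираться на само доменное имя и журналы DNS-запросов, чем на IP-адреса.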