Техническая информация
- <DRIVERS>\cdaudio.sys заменяется файлом <DRIVERS>\SET5.tmp
- <SYSTEM32>\alg.exe
- <SYSTEM32>\spoolsv.exe
- ntvdm.exe
- %TEMP%\aut1.tmp
- %TEMP%\afdyrvm
- %TEMP%\aut2.tmp
- <SYSTEM32>\GroupPolicy\Machine\Registry.pol
- %TEMP%\aut3.tmp
- %TEMP%\qdal.reg
- <SYSTEM32>\ftp.exe.new
- <DRIVERS>\beep.sys.new
- <SYSTEM32>\dllcache\ftp.exe.new
- <SYSTEM32>\dllcache\beep.sys.new
- <DRIVERS>\SET4.tmp
- <DRIVERS>\SET5.tmp
- <SYSTEM32>\dllcache\cdaudio.sys.new
- %TEMP%\aut1.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- <DRIVERS>\cdaudio.sys
- <DRIVERS>\beep.sys
- <SYSTEM32>\debug.exe
- <SYSTEM32>\dllcache\debug.exe
- <SYSTEM32>\ftp.exe
- <SYSTEM32>\edit.com
- <SYSTEM32>\tree.com
- <SYSTEM32>\dllcache\ctfmon.exe
- <SYSTEM32>\wuauclt.exe
- <SYSTEM32>\dllcache\wuauclt.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\dllcache\spoolsv.exe
- <SYSTEM32>\conime.exe
- <SYSTEM32>\dllcache\conime.exe
- <SYSTEM32>\alg.exe
- <SYSTEM32>\dllcache\alg.exe
- %TEMP%\afdyrvm
- <DRIVERS>\SET4.tmp
- %TEMP%\qdal.reg
- <SYSTEM32>\dllcache\cdaudio.sys.new
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c regedit.exe /s %TEMP%\qdal.reg
- '%WINDIR%\regedit.exe' /s %TEMP%\qdal.reg
- '<SYSTEM32>\cmd.exe' /C echo y|cacls <SYSTEM32>\wins\0983 /d everyone
- '<SYSTEM32>\cmd.exe' /S /D /c" echo y"
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\wins\0983 /d everyone