Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DPRINT' = '%ProgramFiles%\ACS\DPA\DPAUI.exe'
- '<SYSTEM32>\net.exe' stop acsdpa
- %ProgramFiles%\acs\dpa\temp\acsdpa.exe
- %ProgramFiles%\acs\dpa\temp\34086244.bat
- %ProgramFiles%\acs\dpa\temp\63135492.bat
- %ProgramFiles%\acs\dpa\temp\dpaui.exe
- %ProgramFiles%\acs\dpa\temp\34086244.bat
- %ProgramFiles%\acs\dpa\temp\63135492.bat
- %ProgramFiles%\acs\dpa\temp\acsdpa.exe в %ProgramFiles%\acs\dpa\acsdpa.exe
- %ProgramFiles%\acs\dpa\temp\dpaui.exe в %ProgramFiles%\acs\dpa\dpaui.exe
- http://dp#.##os-nao.net/Download/ACSDPA_NEW.exe
- http://dp#.##os-nao.net/Download/DPAUI.exe
- DNS ASK dp#.##os-nao.net
- '<SYSTEM32>\cmd.exe' /c ""%ProgramFiles%\ACS\DPA\Temp\34086244.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%ProgramFiles%\ACS\DPA\Temp\63135492.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%ProgramFiles%\ACS\DPA\Temp\34086244.bat" "
- '<SYSTEM32>\net1.exe' stop acsdpa
- '<SYSTEM32>\cmd.exe' /c ""%ProgramFiles%\ACS\DPA\Temp\63135492.bat" "
- '<SYSTEM32>\net.exe' start acsdpa
- '<SYSTEM32>\net1.exe' start acsdpa