Техническая информация
- %CommonProgramFiles%\carss.exe "%CommonProgramFiles%\file.AAA" rukou
- <SYSTEM32>\xcopy.exe /y c:\gpt.txt <SYSTEM32>\GroupPolicy
- <SYSTEM32>\gpupdate.exe /force
- %WINDIR%\regedit.exe /s C:\1.reg
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\sys.bat" "
- C:\computer.txt
- C:\gpt.txt
- <SYSTEM32>\GroupPolicy\gpt.txt
- %WINDIR%\window.txt
- %HOMEPATH%\ntuser.pol
- %CommonProgramFiles%\carss.exe
- C:\1.reg
- %TEMP%\113937_res.tmp
- %PROGRAM_FILES%\sys.bat
- %TEMP%\118750_res.tmp
- C:\gpt.txt
- <SYSTEM32>\GroupPolicy\gpt.ini
- C:\1.reg
- файл вируса: из <Полный путь к вирусу> в %CommonProgramFiles%\SqlServer.exe
- 'hk###3.3322.org':13579
- DNS ASK hk###3.3322.org
- ClassName: 'RegEdit_RegEdit' WindowName: ''