Техническая информация
- C:\hdsupdate\AppUpdate.exe
- <SYSTEM32>\cacls.exe "%HOMEPATH%\Local Settings\Temp" /T /P everyone:F — заменяет права группы Everyone на полный доступ (F) рекурсивно (/T)
- <SYSTEM32>\net1.exe start W32Time
- <SYSTEM32>\cacls.exe "%TEMP%\c3fc3e5ecdaddce4aac4e4f7927103f3.dat" /T /P everyone:N — заменяет права группы Everyone на «нет доступа» (N)
- <SYSTEM32>\attrib.exe +H +R "%TEMP%\c3fc3e5ecdaddce4aac4e4f7927103f3.dat"
- <SYSTEM32>\sc.exe config W32Time start=auto
- <SYSTEM32>\sc.exe stop W32Time
- <SYSTEM32>\cmd.exe /c c:\hdsupdate\AppUpdate.exefge.bat
- <SYSTEM32>\wscript.exe c:\xsnern\sxvxy.vbs
- C:\xsnern\sxvxy.vbs
- C:\hdsupdate\AppUpdate.exefge.bat
- C:\hdsupdate\config
- C:\hdsupdate\AppUpdate.exe
- <SYSTEM32>\wbem\Logs\wbemess.lo_
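- 'nc###.3322.org':308 — сетевой адрес (хост:порт); «###» — символы, скрытые в источнике, а не часть имени хоста, поэтому при поиске по журналам нужен шаблон, а не точное совпадение
- DNS ASK nc###.3322.org — DNS-запрос того же замаскированного имени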
- ClassName: 'Shell_TrayWnd' WindowName: ''