Техническая информация
- %PROGRAM_FILES%\Internet Explorer\carss.exe "%PROGRAM_FILES%\Internet Explorer\file.III" pandeng
- <SYSTEM32>\xcopy.exe /y c:\win.txt <SYSTEM32>\GroupPolicy\Machine\Scripts
- <SYSTEM32>\gpupdate.exe /force
- <SYSTEM32>\xcopy.exe /y c:\gpt.txt <SYSTEM32>\GroupPolicy
- %WINDIR%\regedit.exe /s C:\1.reg
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\sys.bat" "
- <SYSTEM32>\GroupPolicy\gpt.txt
- C:\win.txt
- <SYSTEM32>\GroupPolicy\Machine\Scripts\win.txt
- %WINDIR%\window.txt
- %HOMEPATH%\ntuser.pol
- %TEMP%\126609_res.tmp
- %PROGRAM_FILES%\Internet Explorer\carss.exe
- %TEMP%\142578_res.tmp
- C:\gpt.txt
- %PROGRAM_FILES%\sys.bat
- C:\gpt.txt
- <SYSTEM32>\GroupPolicy\Machine\Scripts\win.txt
- <SYSTEM32>\GroupPolicy\gpt.ini
- Файл вируса переносится либо копируется: из <Полный путь к вирусу> в C:\tmp.tmp
- Сетевой адрес и порт: 'xb###.3322.org':3660
- DNS-запрос (DNS ASK): xb###.3322.org
- ClassName: 'RegEdit_RegEdit' WindowName: ''