Техническая информация
- '<SYSTEM32>\attrib.exe' "%APPDATA%\Mra\Update\ver.txt" -s -h
- '<SYSTEM32>\reg.exe' export "HKEY_CURRENT_USER\Software\Mail.Ru\Agent\magent_logins3" "%TEMP%\report\regis.reg"
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 5000
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 3000
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 9000
- '<SYSTEM32>\attrib.exe' "%TEMP%\report" +h
- '<SYSTEM32>\ntvdm.exe' -f
- '<SYSTEM32>\taskkill.exe' /f /im magent.exe
- '<SYSTEM32>\chcp.com' 1251
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Trojan.bat" > NUL"
- '<SYSTEM32>\taskkill.exe' /f /im opera.exe
- '<SYSTEM32>\tasklist.exe'
- '<SYSTEM32>\systeminfo.exe'
- '<SYSTEM32>\taskkill.exe' /f /im chrome.exe
- chrome.exe
- opera.exe
- %TEMP%\send.exe
- %TEMP%\send.bat
- %TEMP%\programdecrypt_ru.qm
- %TEMP%\Trojan.bat
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %TEMP%\report\info.txt
- %TEMP%\press.exe
- %TEMP%\blat.lib
- %TEMP%\blat.dll
- %TEMP%\7z.dll
- %TEMP%\blatdll.h
- %TEMP%\press.bat
- %TEMP%\crypt.exe
- %TEMP%\config.ini
- %TEMP%\press.bat
- %TEMP%\crypt.exe
- %TEMP%\config.ini
- %TEMP%\press.exe
- %TEMP%\send.exe
- %TEMP%\send.bat
- %TEMP%\programdecrypt_ru.qm
- %TEMP%\Trojan.bat
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %TEMP%\7z.dll
- %TEMP%\blatdll.h
- %TEMP%\blat.lib
- %TEMP%\blat.dll
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-c98.c9c.380001'
- ClassName: '(null)' WindowName: '(null)'