Техническая информация
- '%ALLUSERSPROFILE%\Documents\Agent.exe' /s0
- '%ALLUSERSPROFILE%\Documents\Matrix42Update.exe'
- '%ALLUSERSPROFILE%\Documents\Agent.exe' (загружен из сети Интернет)
- '<SYSTEM32>\net1.exe' share Free=%HOMEPATH% (создаёт общий сетевой ресурс с именем «Free», указывающий на домашний каталог пользователя)
- '<SYSTEM32>\cmd.exe' /c "%ALLUSERSPROFILE%\Documents\app.bat"
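- '<SYSTEM32>\cacls.exe' %HOMEPATH% /G Jeder:F /E /T (добавляет в существующий ACL домашнего каталога и всех вложенных объектов полный доступ для «Jeder» — так в немецкой локализации Windows называется группа «Все» / Everyone)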
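- '<SYSTEM32>\cacls.exe' %HOMEPATH% /G admin:F /E /T (добавляет в существующий ACL домашнего каталога и всех вложенных объектов полный доступ для учётной записи «admin»)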
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Agent[1].exe
- %ALLUSERSPROFILE%\Documents\Agent.exe
- %ALLUSERSPROFILE%\Documents\app.bat
- %ALLUSERSPROFILE%\Documents\taskkill.exe
- %TEMP%\nsj2.tmp
- %ALLUSERSPROFILE%\Documents\Matrix42Update.exe
- %ALLUSERSPROFILE%\Documents\runasspc.exe
- '91.##1.10.160':80
- 'localhost':1039
- 91.##1.10.160/Agent.exe (по-видимому, адрес, с которого был загружен Agent.exe)
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'