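Техническая информация
Подзаголовки разделов в этом фрагменте не сохранились. Ниже перечислены командные строки системных утилит Windows (остановка и удаление служб, принудительное завершение процессов, установка атрибутов «системный», «скрытый» и «только чтение», тихий импорт файла sh.reg в реестр, перевод службы WinSeries в автозапуск), затем пути к файлам и параметры окон (ClassName/WindowName).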
- '<SYSTEM32>\net.exe' stop WinSeries
- '<SYSTEM32>\net1.exe' stop WinSeries
- '<SYSTEM32>\taskkill.exe' /f /im meciond.exe
- '<SYSTEM32>\taskkill.exe' /f /im smssz.exe
- '<SYSTEM32>\taskkill.exe' /f /im minerd.exe
- '<SYSTEM32>\attrib.exe' +s +r +h %WINDIR%\ime\bool2\instsrv.exe
- '%WINDIR%\regedit.exe' /s sh.reg
- '<SYSTEM32>\attrib.exe' +s +h +r *.*
- '<SYSTEM32>\sc.exe' description WinSeries "Dold xport The Makefis"
- '<SYSTEM32>\attrib.exe' +s +r +h %WINDIR%\ime\bool2\csrss.exe
- '<SYSTEM32>\sc.exe' config WinSeries start= auto
- '<SYSTEM32>\sc.exe' stop WintTapiuxl
- '<SYSTEM32>\sc.exe' delete WintTapiuxl
- '<SYSTEM32>\sc.exe' delete WintTapiuxma
- '<SYSTEM32>\sc.exe' delete Systemwicf
- '<SYSTEM32>\sc.exe' stop WintTapiuxma
- '<SYSTEM32>\sc.exe' stop "Network Location Services"
- '<SYSTEM32>\ping.exe' -n 1 127.1
- '<SYSTEM32>\taskkill.exe' /f /im mecoind.exe
- '<SYSTEM32>\sc.exe' delete WinServices
- '<SYSTEM32>\sc.exe' delete "Network Location Services"
- '<SYSTEM32>\sc.exe' stop WinServices
- %TEMP%\~1.bat
- <Полный путь к вирусу>
- %TEMP%\~1.bat
- %TEMP%\~1.bat
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'