Техническая информация
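Записи автозапуска в реестре (ключ Run в HKLM, срабатывает при входе любого пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rundll32' = '<SYSTEM32>\rundll32.vbs'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'w0rm' = '<SYSTEM32>\w0rm.exe'
Примечание: значение 'rundll32' указывает на сценарий rundll32.vbs, а не на системный rundll32.exe; имя параметра совпадает с именем легитимного компонента Windows, поэтому при проверке автозапуска нужно смотреть на путь и расширение, а не только на имя.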
- <SYSTEM32>\USB_C.exe
- %TEMP%\GUSANO.exe
- <SYSTEM32>\xcopy.exe /h a:\programa.exe <SYSTEM32>
- <SYSTEM32>\xcopy.exe /h f:\programa.exe <SYSTEM32>
- <SYSTEM32>\wscript.exe "%TEMP%\REGISTRO.vbs"
- <SYSTEM32>\WINDIR.exe
- <SYSTEM32>\w0rm.exe
- %TEMP%\a80966.bat
- <SYSTEM32>\rundll32.vbs
- %TEMP%\GUSANO.exe
- %TEMP%\sfx.ini
- <SYSTEM32>\USB_C.exe
- %TEMP%\REGISTRO.vbs
- %TEMP%\a80966.bat
- %TEMP%\sfx.ini
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''