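Техническая информация
Подзаголовки разделов в этой выдержке не сохранились. Ниже по порядку перечислены: значение в ключе автозапуска Run реестра (запуск при входе пользователя в систему); исполняемые файлы процессов и командные строки, в том числе команды cmd.exe, записывающие альтернативный поток данных Zone.Identifier для исполняемых файлов в %APPDATA%; пути к файлам в %TEMP% и %APPDATA%; класс окна. Какая операция (создание, изменение, удаление) относится к каждому из повторяющихся списков файлов, по данному тексту установить нельзя.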
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Corporation JFcOiNMFdTZSIHDT' = '%APPDATA%\JFcOiNMFdTZSIHDT.exe'
- '%APPDATA%\Processname.exe'
- '<SYSTEM32>\wscript.exe'
- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > %APPDATA%\JFcOiNMFdTZSIHDT.exe:ZONE.identifier
- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > %APPDATA%\Processname.exe:ZONE.identifier
- '%APPDATA%\Processname.exe'
- <SYSTEM32>\wscript.exe
- %TEMP%\aut3.tmp
- %APPDATA%\JFcOiNMFdTZSIHDT.exe
- %TEMP%\UZfWiPOCYGfC
- %TEMP%\aut5.tmp
- %TEMP%\aut4.tmp
- %TEMP%\JFcOiNMFdTZS
- %TEMP%\aut1.tmp
- %APPDATA%\Processname.exe
- %TEMP%\aut2.tmp
- C:\Documents (путь, по-видимому, обрезан на первом пробеле; в таком виде непригоден как индикатор)
- %APPDATA%\JFcOiNMFdTZSIHDT.exe
- %APPDATA%\Processname.exe
- %TEMP%\aut4.tmp
- %TEMP%\aut5.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''