Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'jcCBsf' = 'C:\jcCBsfjcCBsf\jcCBsf.vbs'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\ducin\7z52l.vbs"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe'
- '%APPDATA%\ducin\7va30.exe'
- '%HOMEPATH%\ducin\file.exe' -p1234
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe
- C:\jcCBsfjcCBsf\jcCBsf.vbs
- %APPDATA%\jcCBsf
- C:\jcCBsfjcCBsf\jcCBsf.exe
- C:\jcCBsfjcCBsf\x
- %HOMEPATH%\ducin\7z52l.vbs
- %HOMEPATH%\ducin\file.exe
- %APPDATA%\ducin\x
- %APPDATA%\ducin\7va30.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''