Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'nijqhvltH5' = 'C:\nijqhvltH5nijqhvltH5\nijqhvltH5.vbs'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\nijqhvltH5\CsrXkC.vbs"
- '<SYSTEM32>\cmd.exe' /c copy /Y "%HOMEPATH%\nijqhvltH5\x" C:\nijqhvltH5nijqhvltH5\x && copy /Y "%HOMEPATH%\nijqhvltH5\al7m.dll" C:\nijqhvltH5nijqhvltH5\al7m.dll
- '<SYSTEM32>\rundll32.exe' al7m.dll aewjwxm
- <SYSTEM32>\rundll32.exe
- C:\nijqhvltH5nijqhvltH5\nijqhvltH5.vbs
- C:\nijqhvltH5nijqhvltH5\x
- C:\nijqhvltH5nijqhvltH5\al7m.dll
- %HOMEPATH%\nijqhvltH5\CsrXkC.vbs
- %HOMEPATH%\nijqhvltH5\x
- %HOMEPATH%\nijqhvltH5\al7m.dll
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''