Техническая информация
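- Значение в ключе автозапуска RunOnce (выполняется один раз при следующем входе пользователя в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'BJtnC0MGq9' = 'C:\BJtnC0MGq9BJtnC0MGq9\BJtnC0MGq9.vbs'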
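Командные строки запускаемых процессов (выполнение VBS-скрипта через wscript.exe, копирование файлов x и qqhg.dll из %HOMEPATH%\BJtnC0MGq9\ в C:\BJtnC0MGq9BJtnC0MGq9\, вызов функции azd81fr из qqhg.dll через rundll32.exe):
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\BJtnC0MGq9\4h0huJ.vbs"
- '<SYSTEM32>\cmd.exe' /c copy /Y "%HOMEPATH%\BJtnC0MGq9\x" C:\BJtnC0MGq9BJtnC0MGq9\x && copy /Y "%HOMEPATH%\BJtnC0MGq9\qqhg.dll" C:\BJtnC0MGq9BJtnC0MGq9\qqhg.dll
- '<SYSTEM32>\rundll32.exe' qqhg.dll azd81fr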
- <SYSTEM32>\rundll32.exe
- C:\BJtnC0MGq9BJtnC0MGq9\BJtnC0MGq9.vbs
- C:\BJtnC0MGq9BJtnC0MGq9\x
- C:\BJtnC0MGq9BJtnC0MGq9\qqhg.dll
- %HOMEPATH%\BJtnC0MGq9\4h0huJ.vbs
- %HOMEPATH%\BJtnC0MGq9\x
- %HOMEPATH%\BJtnC0MGq9\qqhg.dll
Окна (имя класса и заголовок окна; пустой WindowName означает, что заголовок не задан):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''