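Техническая информация
Подзаголовки разделов в этом списке утрачены. Судя по содержимому строк, ниже перечислены: запись автозапуска в ключе реестра RunOnce, командные строки запускаемых процессов (wscript.exe, cmd.exe, rundll32.exe), отдельная строка с <SYSTEM32>\rundll32.exe без аргументов (её роль по тексту не определяется), пути к файлам в каталогах %HOMEPATH%\oPwycytk2l и C:\oPwycytk2loPwycytk2l и классы окон.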
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'oPwycytk2l' = 'C:\oPwycytk2loPwycytk2l\oPwycytk2l.vbs'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\oPwycytk2l\snUDi5.vbs" ;de5MoHIpi3
- '<SYSTEM32>\cmd.exe' /c copy /Y "%HOMEPATH%\oPwycytk2l\x" C:\oPwycytk2loPwycytk2l\x && copy /Y "%HOMEPATH%\oPwycytk2l\hkl1.dll" C:\oPwycytk2loPwycytk2l\hkl1.dll
- '<SYSTEM32>\rundll32.exe' hkl1.dll ar2nnd6
- <SYSTEM32>\rundll32.exe
- C:\oPwycytk2loPwycytk2l\oPwycytk2l.vbs
- C:\oPwycytk2loPwycytk2l\x
- C:\oPwycytk2loPwycytk2l\hkl1.dll
- %HOMEPATH%\oPwycytk2l\snUDi5.vbs
- %HOMEPATH%\oPwycytk2l\x
- %HOMEPATH%\oPwycytk2l\hkl1.dll
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''