Техническая информация
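Запись автозапуска в реестре (ключ RunOnce — команда выполняется при следующем входе пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'jx8yyf1LhC' = 'C:\jx8yyf1LhCjx8yyf1LhC\jx8yyf1LhC.vbs'
Командные строки запускаемых процессов (запуск VBS-скрипта через wscript.exe, копирование файлов через cmd.exe, вызов экспорта a7zda7p из 1uox.dll через rundll32.exe):
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\jx8yyf1LhC\Kk1zRE.vbs"
- '<SYSTEM32>\cmd.exe' /c copy /Y "%HOMEPATH%\jx8yyf1LhC\x" C:\jx8yyf1LhCjx8yyf1LhC\x && copy /Y "%HOMEPATH%\jx8yyf1LhC\1uox.dll" C:\jx8yyf1LhCjx8yyf1LhC\1uox.dll
- '<SYSTEM32>\rundll32.exe' 1uox.dll a7zda7p
Исполняемый файл, указанный отдельной записью (её роль на странице не обозначена):
- <SYSTEM32>\rundll32.exe
Пути к файлам (скрипты .vbs, файл x и библиотека 1uox.dll в двух каталогах):
- C:\jx8yyf1LhCjx8yyf1LhC\jx8yyf1LhC.vbs
- C:\jx8yyf1LhCjx8yyf1LhC\x
- C:\jx8yyf1LhCjx8yyf1LhC\1uox.dll
- %HOMEPATH%\jx8yyf1LhC\Kk1zRE.vbs
- %HOMEPATH%\jx8yyf1LhC\x
- %HOMEPATH%\jx8yyf1LhC\1uox.dll
Окна (класс и заголовок; заголовки пустые):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''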