Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\windos.vbs
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\good.vbs"
- '%TEMP%\RarSFX1\windows.exe'
- '%TEMP%\RarSFX0\file.exe' -pMatri03T31
- %TEMP%\RarSFX1\windows.exe
- %ALLUSERSPROFILE%\Application Data\Isolated Storage\{6E006500-7800-3500-6900-660063003300}
- %TEMP%\RarSFX0\file.exe
- %TEMP%\RarSFX0\good.vbs
- %TEMP%\RarSFX0\file.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''