Техническая информация
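Автозапуск при входе в систему (значения в ключах Run; параметр //E:vbscript заставляет wscript выполнить файл без расширения как VBScript):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSShell32' = 'wscript //E:vbscript "%APPDATA%\MSShell32" c4bbf69c54'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSShell32' = 'wscript //E:vbscript "%APPDATA%\MSShell32" c4bbf69c54'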
- %TEMP%\RarSFX0\Users\Alex\AppData\Roaming\MSShell32
- %APPDATA%\MSShell32
- %TEMP%\RarSFX0\Users\Alex\AppData\Roaming\MSShell32
- %APPDATA%\MSShell32
- %TEMP%\RarSFX0\Users\Alex\AppData\Roaming\MSShell32
- ClassName: 'EDIT' WindowName: ''
Командные строки запускаемых процессов:
- '<SYSTEM32>\wscript.exe' //E:vbscript "Users\Alex\AppData\Roaming\MSShell32" /es "<Полный путь к файлу>" c4bbf69c54
- '<SYSTEM32>\wscript.exe' //E:vbscript "%APPDATA%\MSShell32" c4bbf69c54