Техническая информация
- Запись автозапуска (значение в RunOnce выполняется при следующем входе пользователя в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'btlhn' = '%TEMP%\btlhn\37004.vbs'
- '%TEMP%\btlhn\RGWZ.PVAiBpMtCee' CxhxO.PQY
- '<SYSTEM32>\taskkill.exe' /IM mshta.exe
- '<SYSTEM32>\mshta.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\btlhn\kpbyyaGyAjDs.vbs"
- %TEMP%\btlhn\LdUvyCQupl.UGO
- %TEMP%\btlhn\82888.cmd
- %TEMP%\btlhn\37004.vbs
- %TEMP%\btlhn\CxhxO.PQY
- %TEMP%\btlhn\GBktpokG.SIE
- %TEMP%\btlhn\RGWZ.PVAiBpMtCee
- %TEMP%\btlhn\kpbyyaGyAjDs.vbs
- %TEMP%\btlhn\LdUvyCQupl.UGO
- %TEMP%\btlhn\37004.vbs
- %TEMP%\btlhn\82888.cmd
- %TEMP%\btlhn\CxhxO.PQY
- %TEMP%\btlhn\GBktpokG.SIE
- %TEMP%\btlhn\RGWZ.PVAiBpMtCee
- %TEMP%\btlhn\kpbyyaGyAjDs.vbs
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'