Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\System.lnk
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX1\12.vbs"
- '<SYSTEM32>\find.exe' "Svchost.exe"
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\tasklist.exe' /fi "IMAGENAME eq Svchost.exe"
- '%TEMP%\RarSFX0\24.exe' -pyjdsqvbif
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX1\12.bat" "
- %TEMP%\RarSFX1\Svchost.exe
- %TEMP%\RarSFX1\12.VBS
- %TEMP%\RarSFX0\24.exe
- %TEMP%\RarSFX1\12.bat
- %TEMP%\RarSFX1\Svchost.exe
- %TEMP%\RarSFX0\24.exe
- %TEMP%\RarSFX1\12.bat
- %TEMP%\RarSFX1\12.VBS
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''