Technical Information
Registry autorun value (entries under RunOnce are executed once, at the user's next logon):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ptvRvDdJXF' = 'C:\ptvRvDdJXFptvRvDdJXF\ptvRvDdJXF.vbs'
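Command lines listed (script host, file copy, then a DLL export run through rundll32):
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\ptvRvDdJXF\tE1YWu.vbs" ;piprJvToxh
- '<SYSTEM32>\cmd.exe' /c copy /Y "%HOMEPATH%\ptvRvDdJXF\x" C:\ptvRvDdJXFptvRvDdJXF\x && copy /Y "%HOMEPATH%\ptvRvDdJXF\ks0p.dll" C:\ptvRvDdJXFptvRvDdJXF\ks0p.dll
- '<SYSTEM32>\rundll32.exe' ks0p.dll au0ccbu
Process listed without a command line (its role is not stated in this extract):
- <SYSTEM32>\rundll32.exe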
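File paths listed (x and ks0p.dll appear in both directories; the cmd.exe line copies them from the %HOMEPATH% directory to the C:\ directory, and the RunOnce value points at the .vbs in the C:\ directory):
- C:\ptvRvDdJXFptvRvDdJXF\ptvRvDdJXF.vbs
- C:\ptvRvDdJXFptvRvDdJXF\x
- C:\ptvRvDdJXFptvRvDdJXF\ks0p.dll
- %HOMEPATH%\ptvRvDdJXF\tE1YWu.vbs
- %HOMEPATH%\ptvRvDdJXF\x
- %HOMEPATH%\ptvRvDdJXF\ks0p.dll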
Window reference (class name and title; the title is empty):
- ClassName: 'EDIT' WindowName: ''