Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'scannedcopy' = '%HOMEPATH%\scannedcopy\scannedcopy.vbs -VC'
- %WINDIR%\explorer.exe
- <SYSTEM32>\svchost.exe
- scannedcopy.exe
- iexplore.exe
- %HOMEPATH%\scannedcopy\scannedcopy.exe
- %HOMEPATH%\scannedcopy\scannedcopy.vbs
- %HOMEPATH%\scannedcopy\scannedcopy.exe
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\scannedcopy\scannedcopy.vbs"
- '%HOMEPATH%\scannedcopy\scannedcopy.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\scannedcopy\scannedcopy.vbs"' (with hidden window)
- '%HOMEPATH%\scannedcopy\scannedcopy.exe' ' (with hidden window)
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\cmd.exe' del "%HOMEPATH%\scannedcopy\scannedcopy.exe"