Technical Information
- '<SYSTEM32>\wscript.exe' "%WINDIR%\MicrosoftU\run.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\MicrosoftU\pause.bat" "
- '%TEMP%\last.exe'
- '<SYSTEM32>\net1.exe' stop MicrosoftU
- '<SYSTEM32>\net.exe' stop MicrosoftU
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %TEMP%\Заработок На YouTube Дорвеях.rar
- '%TEMP%\Dorvey.exe' -p1234 -d%HOMEPATH%\Local Settings\Temp
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.bat" "
- '%TEMP%\youtube.ex1.exe'
- '%TEMP%\post.exe'
- <SYSTEM32>\cmd.exe
- %WINDIR%\MicrosoftU\Rar.exe
- %TEMP%\Заработок На YouTube Дорвеях.rar
- %WINDIR%\MicrosoftU\run.vbs
- %WINDIR%\MicrosoftU\nice.rar
- %WINDIR%\MicrosoftU\pause.bat
- %TEMP%\Dorvey.exe
- %TEMP%\1.bat
- %TEMP%\last.exe
- %TEMP%\youtube.ex1.exe
- %TEMP%\post.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''