Техническая информация
- '<SYSTEM32>\wscript.exe' "%TEMP%\uirus\upmjq.vbs"
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 && reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v xFPRLK /t REG_SZ /d "C:\xFPRLKxFPRLK\xFPRLK.vbs" /f
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 && move C:\xFPRLKxFPRLK\xFPRLK.vbs "%HOMEPATH%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xFPRLK.vbs"
- '%TEMP%\uirus\j2o98.exe' %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %TEMP%\uirus\upmjq.vbs
- C:\xFPRLKxFPRLK\xFPRLK.vbs
- %TEMP%\uirus\j2o98.exe
- %TEMP%\uirus\x
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''