Техническая информация
- '<SYSTEM32>\wscript.exe' "%TEMP%\005503625.vbs"
- '<SYSTEM32>\cmd.exe' call /c %TEMP%\005503625.vbs
- '<SYSTEM32>\control.exe'
- <SYSTEM32>\control.exe
- %TEMP%\fd.bat
- %APPDATA%\Microsoft\Windows\Templates\s27P0J\puk1
- %TEMP%\005503625.vbs
- %HOMEPATH%\My DocumentsUFUEJNRC
- %TEMP%\UFUEJNRC
- %HOMEPATH%\My DocumentsUFUEJNRC
- %TEMP%\UFUEJNRC
- %TEMP%\005503625.vbs
- '14#.#85.156.216':80
- http://14#.#85.156.216/galeria/AccessKL
- ClassName: 'Shell_TrayWnd' WindowName: ''