Техническая информация
- '<SYSTEM32>\13.exe'
- '<SYSTEM32>\rundll32.exe' "%TEMP%\1.tmp" "8A',25?4,('HI'JHU"
- '<SYSTEM32>\ntvdm.exe' -f -i1 -w -a <SYSTEM32>\krnl386.exe
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\run.vbs"
- %TEMP%\1.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs3.tmp
- <SYSTEM32>\13.exe
- <SYSTEM32>\matrix.exe
- <SYSTEM32>\run.vbs
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''