Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\MicrosoftCMD.lnk
- C:\ProgramData\AppSystem\ntkrnlmp.exe
- C:\ProgramData\AppSystem\config.json
- %TEMP%\is-H52GF.tmp\333.tmp
- C:\ProgramData\AppSystem\333.exe
- C:\ProgramData\AppSystem\444.exe
- C:\ProgramData\AppSystem\cmd.exe
- C:\ProgramData\AppSystem\ntkrnlmp.exe
- C:\ProgramData\AppSystem\config.json
- C:\ProgramData\AppSystem\cmd.exe
- C:\ProgramData\AppSystem\333.exe
- C:\ProgramData\AppSystem\444.exe
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\is-H52GF.tmp\333.tmp' /SL5="$40092,7335237,121344,C:\ProgramData\AppSystem\333.exe"
- 'C:\ProgramData\AppSystem\333.exe'