Техническая информация
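- [<HKLM>\SYSTEM\ControlSet001\Services\{8C305829-BDC3-4EF6-B7EF-4225F6731E4B}] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы или драйвера при старте системы, то есть эта запись реестра обеспечивает автозапуск)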
- '<SYSTEM32>\cmd.exe' /c %TEMP%\_$$$$$$jzr.cmd
- %TEMP%\_$$$$$$jzr.cmd
- C:\tmp.txt
- <DRIVERS>\msnte.sys
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\_$$$$$$jzr.cmd
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini