Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'g1qel1zb1pf' = 'C:\vypnuti_pc.bat'
- '<SYSTEM32>\net1.exe' user /add aigloc0cgsa oi3zsona4mp
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\cmd.exe' /c ""C:\vytvorit_uzivatele.bat" "
- C:\vytvorit_uzivatele.bat
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- ClassName: 'Indicator' WindowName: ''