Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'PowerMgr' = '"<SYSTEM32>\Rundll32.exe" "%TEMP%\tmp1.tmp",Init'
- '<SYSTEM32>\rundll32.exe' "%TEMP%\tmp1.tmp",Init
- %TEMP%\tmp3.tmp
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
- ClassName: 'Indicator' WindowName: ''