Техническая информация
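Изменения в реестре — значение Shell в пользовательской ветке Winlogon (запуск при входе пользователя в систему; стандартное значение Shell — explorer.exe):
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\L8mzeq821qm0iXNV\BPNmlfqyFlrZ.exe",explorer.exe'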
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\L8mzeq821qm0iXNV\udDVYjrLrjcd.exe",explorer.exe'
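Запуск процессов — rundll32.exe вызывает функцию ImageView_Fullscreen из shimgvw.dll, то есть открывает файлы .jpg из %TEMP% в штатном средстве просмотра изображений Windows:
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\lUBOXWyiJE43tTip.jpg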
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\qidLoyQbrvoHmlzY.jpg
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\xUgonJHDvZC5FxdU.jpg
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\gbTfe5AFwOk6XEHY.jpg
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\8xWL2X1Tk2V8752w.jpg
Файлы, связанные с образцом (каталоги %TEMP% и %APPDATA%):
- %TEMP%\9dr3W3pO6nq5sFNb
- %TEMP%\lUBOXWyiJE43tTip.jpg
- %TEMP%\S14G1nUxdztkG1Ym
- %APPDATA%\L8mzeq821qm0iXNV\BPNmlfqyFlrZ.exe
- %TEMP%\u16X5fhW3D3kn0ES
- %TEMP%\qidLoyQbrvoHmlzY.jpg
- %TEMP%\pJ1OjxKzvWVQZ0xY
- %TEMP%\gbTfe5AFwOk6XEHY.jpg
- %APPDATA%\L8mzeq821qm0iXNV\udDVYjrLrjcd.exe
- %TEMP%\xUgonJHDvZC5FxdU.jpg
- %TEMP%\GESf27tKlEXa54el
- %TEMP%\8xWL2X1Tk2V8752w.jpg
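Те же исполняемые файлы указаны повторно (в исходном отчёте, вероятно, в отдельном разделе; его заголовок на странице не сохранился):
- %APPDATA%\L8mzeq821qm0iXNV\BPNmlfqyFlrZ.exe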
- %APPDATA%\L8mzeq821qm0iXNV\udDVYjrLrjcd.exe
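Классы окон (Shell_TrayWnd — панель задач Windows, ShImgVw:CPreviewWnd — окно средства просмотра изображений):
- ClassName: 'Shell_TrayWnd' WindowName: ''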
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''