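Техническая информация

Примечание: подзаголовки разделов в этом фрагменте утрачены. По содержимому видно, что сначала перечислены пути к файлам, затем классы окон и, наконец, командные строки процессов. Повторяющиеся пути, вероятно, относятся к отдельному списку (например, удалённых файлов) — это предположение, а не данные отчёта.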
- %TEMP%\RES2.tmp
- %APPDATA%\Microsoft\Windows Defender\CSC1.tmp
- %APPDATA%\Microsoft\Windows Defender\defender.exe
- %TEMP%\36581.dmp
- %TEMP%\dw.log
- C:\картинка.jpg
- C:\vinsa.exe
- %TEMP%\r4or53vj.0.cs
- %TEMP%\r4or53vj.out
- %TEMP%\r4or53vj.cmdline
- %APPDATA%\Microsoft\Windows Defender\defender.exe
- %TEMP%\r4or53vj.out
- %TEMP%\r4or53vj.0.cs
- %TEMP%\r4or53vj.cmdline
- %TEMP%\RES2.tmp
- %APPDATA%\Microsoft\Windows Defender\CSC1.tmp
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- 'C:\vinsa.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%APPDATA%\Microsoft\Windows Defender\CSC1.tmp"
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 440
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen C:\картинка.jpg
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\r4or53vj.cmdline"