Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,"%LOCALAPPDATA%\Pic1fPBkmq\LOHejsSdpL.exe" -s'
- %TEMP%\i3tbkkqwsf.exe
- %LOCALAPPDATA%\pic1fpbkmq\lohejssdpl.exe
- %LOCALAPPDATA%\pic1fpbkmq\lohejssdpl.exe
- '%TEMP%\i3tbkkqwsf.exe'