Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\systment] 'DLLName' = '%WINDIR%\system\Lcomres.dat'
- '<SYSTEM32>\ktmble.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen <SYSTEM32>\luodbass.jpg
- %HOMEPATH%\Recent\luodbass.lnk
- %WINDIR%\system\sysnames.sys
- %WINDIR%\system\Lin.log
- %WINDIR%\system\ExeWen.exe
- %HOMEPATH%\Recent\system32.lnk
- C:\del29dad.bat
- %WINDIR%\system\Lcomres.dat
- <SYSTEM32>\luodbass.jpg
- <SYSTEM32>\ktmble.exe
- C:\5.ini
- %WINDIR%\system\Sting.log
- %WINDIR%\system\Baidog.dat
- %WINDIR%\system\Lin.log
- %WINDIR%\system\ExeWen.exe
- C:\5.ini
- %WINDIR%\system\Lcomres.dat
- %WINDIR%\system\Sting.log
- %WINDIR%\system\sysnames.sys
- <SYSTEM32>\ktmble.exe
- C:\5.ini
- ClassName: '' WindowName: '????????????????'
- ClassName: '' WindowName: '????????????'
- ClassName: '' WindowName: '360????????'
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''