Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'jqlfm' = '%HOMEPATH%\jqlfm\32163.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- '%HOMEPATH%\jqlfm\9l12.exe' aD0XM4.FXK
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\jqlfm\Ii695.vbs"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- %HOMEPATH%\jqlfm\00166y.HIW
- %HOMEPATH%\jqlfm\61152.cmd
- %HOMEPATH%\jqlfm\32163.vbs
- %HOMEPATH%\jqlfm\aD0XM4.FXK
- %HOMEPATH%\jqlfm\0gYefI8uPw.KGA
- %HOMEPATH%\jqlfm\9l12.exe
- %HOMEPATH%\jqlfm\Ii695.vbs
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- %HOMEPATH%\jqlfm\00166y.HIW
- %HOMEPATH%\jqlfm\61152.cmd
- %HOMEPATH%\jqlfm\32163.vbs
- %HOMEPATH%\jqlfm\9l12.exe
- %HOMEPATH%\jqlfm\0gYefI8uPw.KGA
- %HOMEPATH%\jqlfm\aD0XM4.FXK
- %HOMEPATH%\jqlfm\Ii695.vbs
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'