Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'qmake' = '<LS_APPDATA>\Microsoft\VC\qmake.exe' (запись в ключе автозапуска Run: файл запускается при каждом входе пользователя в систему)
- '%HOMEPATH%\sfx\qmake.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %HOMEPATH%\sfx\x_04e93c07.jpg
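- '<SYSTEM32>\attrib.exe' "%HOMEPATH%\sfx" +h +s (каталогу присваиваются атрибуты «скрытый» и «системный»; при стандартных настройках Проводника он не отображается)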
- '%HOMEPATH%\sfx\start.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\a85501.bat "%HOMEPATH%\sfx\start.exe"
- %TEMP%\a85501.bat
- <LS_APPDATA>\Microsoft\VC\qmake.exe
- %TEMP%\REG2682.tmp
- %HOMEPATH%\sfx\x_04e93c07.jpg
- %HOMEPATH%\sfx\qmake.exe
- %HOMEPATH%\sfx\start.exe
- <LS_APPDATA>\Microsoft\VC\qmake.exe
- %TEMP%\a85501.bat
- %TEMP%\a85501.bat
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''