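Техническая информация
Ниже перечислены артефакты образца; заголовки разделов в этом фрагменте отсутствуют, поэтому назначение строк определяется только по их содержанию: запись автозапуска в реестре, командные строки процессов, пути к файлам и классы окон. Значение 'system' в ключе Run совпадает с тем, которое добавляет приведённая ниже команда reg.exe. Команда attrib.exe задаёт файлу system.exe атрибуты «системный», «скрытый», «только чтение» и «архивный», поэтому при стандартных настройках Проводника файл не отображается (увидеть его можно, например, командой dir /a).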
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'system' = 'c:\system.exe'
- 'C:\system.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen C:\a.jpg
- '<SYSTEM32>\attrib.exe' +s +h +r +a system.exe
- '<SYSTEM32>\cmd.exe' /c ""C:\h.bat" "
- '<SYSTEM32>\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v system /d c:\system.exe /f
- %HOMEPATH%\Recent\a.lnk
- %HOMEPATH%\Recent\Local Disk (C).lnk
- C:\system.exe
- C:\a.JPG
- C:\h.bat
- C:\system.exe
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'