Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'arwec' = '%HOMEPATH%\arwec\start.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- '%HOMEPATH%\arwec\cbgt.exe' 3456880.PEI
- '<SYSTEM32>\taskkill.exe' /IM mshta.exe
- '<SYSTEM32>\mshta.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\arwec\1884597.vbs"
- %HOMEPATH%\arwec\65866.NKF
- %HOMEPATH%\arwec\start.cmd
- %HOMEPATH%\arwec\start.vbs
- %HOMEPATH%\arwec\3456880.PEI
- %HOMEPATH%\arwec\81930.HXM
- %HOMEPATH%\arwec\cbgt.exe
- %HOMEPATH%\arwec\1884597.vbs
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- %HOMEPATH%\arwec\start.vbs
- %HOMEPATH%\arwec\start.cmd
- %HOMEPATH%\arwec\3456880.PEI
- %HOMEPATH%\arwec\81930.HXM
- %HOMEPATH%\arwec\cbgt.exe
- %HOMEPATH%\arwec\1884597.vbs
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'