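Техническая информация
Примечание: в этой копии утрачены подзаголовки разделов, поэтому некоторые пути повторяются несколько раз; вероятно, повторы относились к разным разделам исходного отчёта, а не к разным объектам.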
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'gdhtw' = '%HOMEPATH%\gdhtw\start.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- '%HOMEPATH%\gdhtw\ndro.com' 1199077.IGT
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\gdhtw\4488672.vbe"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- %HOMEPATH%\gdhtw\15008.VNV
- %HOMEPATH%\gdhtw\start.cmd
- %HOMEPATH%\gdhtw\start.vbs
- %HOMEPATH%\gdhtw\1199077.IGT
- %HOMEPATH%\gdhtw\23296.LCX
- %HOMEPATH%\gdhtw\ndro.com
- %HOMEPATH%\gdhtw\4488672.vbe
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- %HOMEPATH%\gdhtw\start.vbs
- %HOMEPATH%\gdhtw\start.cmd
- %HOMEPATH%\gdhtw\1199077.IGT
- %HOMEPATH%\gdhtw\23296.LCX
- %HOMEPATH%\gdhtw\ndro.com
- %HOMEPATH%\gdhtw\4488672.vbe
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'