Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'pprvo' = '%HOMEPATH%\pprvo\start.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- '%HOMEPATH%\pprvo\scev.exe' 4331976.MWU
- '%HOMEPATH%\pprvo\nero.14.platinum.v15.0.02200_patch.exe' 1
- '<SYSTEM32>\taskkill.exe' /IM mshta.exe
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\pprvo\4307140.vbs"
- '<SYSTEM32>\mshta.exe'
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
- %TEMP%\C5E3399ED9A072FE864748D49BA96094.dll
- %TEMP%\64F4EA4C8142CAC73E06647D59A699D1.dll
- %TEMP%\bassmod.dll
- %HOMEPATH%\pprvo\start.cmd
- %TEMP%\392CB.dmp
- %TEMP%\dw.log
- %HOMEPATH%\pprvo\start.vbs
- %HOMEPATH%\pprvo\4307140.vbs
- %HOMEPATH%\pprvo\scev.exe
- %HOMEPATH%\pprvo\20646.VSQ
- %HOMEPATH%\pprvo\4331976.MWU
- %TEMP%\dup2patcher.dll
- %HOMEPATH%\pprvo\nero.14.platinum.v15.0.02200_patch.exe
- %HOMEPATH%\pprvo\66872.ERE
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- %HOMEPATH%\pprvo\start.vbs
- %HOMEPATH%\pprvo\start.cmd
- %HOMEPATH%\pprvo\4331976.MWU
- %HOMEPATH%\pprvo\20646.VSQ
- %HOMEPATH%\pprvo\scev.exe
- %HOMEPATH%\pprvo\4307140.vbs
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'