Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'woqat' = '%HOMEPATH%\woqat\start.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- '%HOMEPATH%\woqat\service.exe' 2818200.TQH
- '<SYSTEM32>\taskkill.exe' /IM mshta.exe
- '<SYSTEM32>\mshta.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\woqat\2791117.vbs"
- %HOMEPATH%\woqat\21280.GHI
- %HOMEPATH%\woqat\start.cmd
- %HOMEPATH%\woqat\start.vbs
- %HOMEPATH%\woqat\2818200.TQH
- %HOMEPATH%\woqat\2128.AGV
- %HOMEPATH%\woqat\service.exe
- %HOMEPATH%\woqat\2791117.vbs
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- %HOMEPATH%\woqat\start.vbs
- %HOMEPATH%\woqat\start.cmd
- %HOMEPATH%\woqat\2818200.TQH
- %HOMEPATH%\woqat\2128.AGV
- %HOMEPATH%\woqat\service.exe
- %HOMEPATH%\woqat\2791117.vbs
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'