Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ca7740129963b6b6cf9fc104fdc9d2fb' = '"%APPDATA%\twain_32.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ca7740129963b6b6cf9fc104fdc9d2fb' = '"%APPDATA%\twain_32.exe" ..'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\twain_32.exe' = '%APPDATA%\twain_32.exe:*:Enabled:twain_32.exe'
- '%APPDATA%\twain_32.exe'
- '%HOMEPATH%\Local Settings\Tempserver.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\twain_32.exe" "twain_32.exe" ENABLE
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
- %HOMEPATH%\Local Settings\Tempserver.exe
- %APPDATA%\twain_32.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new в %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new в %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
- 'ps####ad.hopto.org':1999
- DNS ASK ps####ad.hopto.org
- ClassName: 'Indicator' WindowName: ''