Техническая информация (записи реестра, команды netsh и пути к файлам)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UPAS AgentUITrigger' = '%ProgramFiles%\UPAS\UPAS adlog\WindowsAgentUI.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\UPAS adlog] 'ImagePath' = '%ProgramFiles%\UPAS\UPAS adlog\adlog.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\UPAS adlog] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program="%ProgramFiles%\UPAS\UPAS adlog\WindowsAgentUI.exe" name="WindowsAgentUI"
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program="%ProgramFiles%\UPAS\UPAS adlog\adlog.exe" name="UPAS adlog"
- %TEMP%\nsw3.tmp\System.dll
- %TEMP%\nsw3.tmp\SimpleSC.dll
- %TEMP%\nsw3.tmp\ShellExecAsUser.dll
- %TEMP%\nsw3.tmp\ExecCmd.dll
- %ProgramFiles%\UPAS\UPAS adlog\UPAS.bmp
- %TEMP%\nsw3.tmp\registry.dll
- %TEMP%\nsg2.tmp
- %ProgramFiles%\UPAS\UPAS adlog\logo_upas.ico
- %ProgramFiles%\UPAS\UPAS adlog\sqlite3.dll
- %TEMP%\nsw3.tmp\SimpleSC.dll
- %TEMP%\nsw3.tmp\System.dll
- %TEMP%\nsw3.tmp\ShellExecAsUser.dll
- %TEMP%\nsw3.tmp\ExecCmd.dll
- %TEMP%\nsw3.tmp\registry.dll
- '<SYSTEM32>\cmd.exe' /C netsh firewall add allowedprogram program="%ProgramFiles%\UPAS\UPAS adlog\WindowsAgentUI.exe" name="WindowsAgentUI"
- '<SYSTEM32>\cmd.exe' /C netsh firewall add allowedprogram program="%ProgramFiles%\UPAS\UPAS adlog\adlog.exe" name="UPAS adlog"