Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winamp' = '<LS_APPDATA>\winamp.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '9bea5bcb8193fd84b227467d8607686c' = '"%APPDATA%\Host Process for Windows Task.exe" ..'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9bea5bcb8193fd84b227467d8607686c' = '"%APPDATA%\Host Process for Windows Task.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\9bea5bcb8193fd84b227467d8607686c.exe
- <Имя диска съемного носителя>:\9bea5bcb8193fd84b227467d8607686c.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\Host Process for Windows Task.exe' = '%APPDATA%\Host Process...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\Host Process for Windows Task.exe" "Host Process for Windows Task.exe" ENABLE
- <LS_APPDATA>\winamp.exe
- <LS_APPDATA>\nk
- %APPDATA%\Host Process for Windows Task.exe
- <Имя диска съемного носителя>:\9bea5bcb8193fd84b227467d8607686c.exe
- 'ro####c.hopto.org':2555
- DNS ASK ro####c.hopto.org
- '%APPDATA%\Host Process for Windows Task.exe'