Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WidgetUpdater' = '"%APPDATA%\MemoThis\Updater.exe"'
- %APPDATA%\MemoThis\Updater.exe /s aBlogMode
- %APPDATA%\MemoThis\Updater.exe /s aDisable 2FA33051
- %APPDATA%\MemoThis\Updater.exe /s aUserHost
- %APPDATA%\MemoThis\Updater.exe /s updateUrl
- %APPDATA%\MemoThis\Updater.exe /s data-timeout
- %APPDATA%\MemoThis\Updater.exe /s ads-timeout
- %APPDATA%\MemoThis\Updater.exe /s onloads
- %APPDATA%\MemoThis\Updater.exe /i
- %APPDATA%\MemoThis\Updater.exe /s distributor GUMZZI
- %APPDATA%\MemoThis\vcredist_x86_en.exe /q:a
- %APPDATA%\MemoThis\Updater.exe /s aCookies
- %APPDATA%\MemoThis\Updater.exe /s aDomain
- %APPDATA%\MemoThis\Updater.exe /s aUserID
- %APPDATA%\MemoThis\vcredist_x86_en.exe (загружен из сети Интернет)
- %APPDATA%\MemoThis\Updater.exe
- %APPDATA%\MemoThis\memo-client.properties
- %APPDATA%\MemoThis\data\adsthis.data
- %APPDATA%\MemoThis\MemoThis.dll
- %APPDATA%\MemoThis\Hiverion.dll
- %TEMP%\nsb3.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\vcredist_x86_en[1].exe
- %TEMP%\nsb3.tmp\InetLoad.dll
- %TEMP%\nsr2.tmp
- %APPDATA%\MemoThis\lang\memo-string.1042
- %APPDATA%\MemoThis\lang\memo-string.1033
- %APPDATA%\MemoThis\vcredist_x86_en.exe
- 'up####.memothis.co.kr':80
- up####.memothis.co.kr/vcredist_x86_en.exe
- DNS ASK up####.memothis.co.kr
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''