Техническая информация
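Автозапуск через параметры в ключах реестра Run (HKLM и HKCU); имя параметра — строка из 32 шестнадцатеричных символов, значение запускает %TEMP%\Upate.exe (имя файла приведено как в источнике: «Upate.exe», не «Update.exe»):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'fcaa30f4ae5615eaed0435ecb771f979' = '"%TEMP%\Upate.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fcaa30f4ae5615eaed0435ecb771f979' = '"%TEMP%\Upate.exe" ..'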
Файл в папке автозагрузки пользователя (имя файла совпадает с именем параметра в ключах Run):
- %HOMEPATH%\Start Menu\Programs\Startup\fcaa30f4ae5615eaed0435ecb771f979.exe
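Запись в списке разрешённых приложений брандмауэра Windows (профиль StandardProfile) для %TEMP%\Upate.exe:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\Upate.exe' = '%TEMP%\Upate.exe:*:Enabled:Upate.exe'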
- '%TEMP%\Upate.exe'
Команда netsh, добавляющая %TEMP%\Upate.exe в разрешённые программы брандмауэра:
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Upate.exe" "Upate.exe" ENABLE
- %TEMP%\Upate.exe
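Сетевая активность: узел с портом и DNS-запрос к тому же имени (регистр в DNS не учитывается; символы #### — по-видимому, маскировка части имени в источнике; hopto.org — домен службы динамического DNS):
- 'up####.hopto.org':3206
- DNS ASK Up####.hopto.org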
- ClassName: 'Indicator' WindowName: '(null)'