Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Google Inc.exe — файл в папке автозагрузки пользователя; программы из этой папки запускаются при входе в систему.
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\Start Menu\Programs\Startup\Google Inc.exe' = '%HOMEPATH%\Start Menu\Programs\Startup\Google Inc.exe:*:Enabled:Google Inc' — запись в списке разрешённых приложений брандмауэра Windows: для этого файла включено исключение под именем «Google Inc».
- '%HOMEPATH%\Start Menu\Programs\Startup\Google Inc.exe'
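- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\Start Menu\Programs\Startup\Google Inc.exe" "Google Inc" ENABLE — команда добавляет исполняемый файл в исключения брандмауэра Windows; запуск netsh.exe с такими параметрами для файла из папки автозагрузки стоит отслеживать в журналах создания процессов.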
- '<SYSTEM32>\wscript.exe' "%TEMP%\12.vbs" — запуск VBS-сценария из временной папки через Windows Script Host.
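- ClassName: 'OLLYDBG' WindowName: '(null)' — класс окна отладчика OllyDbg; судя по именам классов, в этой и следующих строках вида «ClassName: … WindowName: …» перечислены окна инструментов анализа (отладчики, мониторы процессов и сетевой активности), наличие которых, по-видимому, проверяет образец.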
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '(null)'
- ClassName: 'gdkWindowToplevel' WindowName: '(null)'
- %TEMP%\12.vbs
- ClassName: 'WindowsForms10.Window.8.app.0.33c0d9d' WindowName: '(null)'
- ClassName: 'WindowsForms10.Window.8.app.0.218f99c' WindowName: '(null)'
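- ClassName: '#32770' WindowName: '(null)' — стандартный класс диалоговых окон Windows; как и классы WindowsForms10.* в двух предыдущих строках, это общее имя, которое используют многие программы, поэтому само по себе оно не указывает на конкретный инструмент и не годится в качестве самостоятельного индикатора.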
- ClassName: 'apateDNS' WindowName: '(null)'
- ClassName: 'PortmonClass' WindowName: '(null)'
- ClassName: 'PROCEXPL' WindowName: '(null)'
- ClassName: 'DNSQuerySniffer' WindowName: '(null)'
- ClassName: 'ProcessHacker' WindowName: '(null)'
- ClassName: 'TCPViewClass' WindowName: '(null)'
- ClassName: 'SmartSniff' WindowName: '(null)'