Техническая информация
Автозапуск (значения в ключах реестра Run и файл в папке автозагрузки):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '0e3d950b64204a4366b44e9ff142faa2' = '"%APPDATA%\Start-Up.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '0e3d950b64204a4366b44e9ff142faa2' = '"%APPDATA%\Start-Up.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\0e3d950b64204a4366b44e9ff142faa2.exe
Запись в списке разрешённых приложений брандмауэра Windows (значение в источнике обрезано):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\Start-Up.exe' = '%APPDATA%\Start-Up.exe:*:Enabled:Start-Up.e...
- '%APPDATA%\Start-Up.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\Start-Up.exe" "Start-Up.exe" ENABLE
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 336
- '%TEMP%\Dumpper.exe'
- '%TEMP%\Start-Up.exe'
- %TEMP%\dw.log
- %TEMP%\2B54C.dmp
- %APPDATA%\Start-Up.exe
- %TEMP%\0a8aedef-a4af-4588-8971-c027a33fdcf0\AgileDotNetRT.dll
- %TEMP%\Start-Up.exe
- %TEMP%\WpsWin.exe
- %TEMP%\Dumpper.exe
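Сетевая активность (имя узла в источнике частично замаскировано символами «#», поэтому для точного сопоставления оно непригодно; hopto.org — домен службы динамического DNS):
- 'ho####me.hopto.org':5222
- DNS ASK ho####me.hopto.org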
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''