Техническая информация
Записи автозапуска (ключи реестра Run и папка автозагрузки в меню «Пуск»):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7a628cda9d1c3f0e85c34e93e172394d' = '"%HOMEPATH%\Volume.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '7a628cda9d1c3f0e85c34e93e172394d' = '"%HOMEPATH%\Volume.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\7a628cda9d1c3f0e85c34e93e172394d.exe
Запись в списке разрешённых приложений брандмауэра Windows (профиль StandardProfile):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\Volume.exe' = '%HOMEPATH%\Volume.exe:*:Enabled:Volume.exe'
- '%HOMEPATH%\Volume.exe'
Команда netsh, добавляющая Volume.exe в разрешённые программы брандмауэра:
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\Volume.exe" "Volume.exe" ENABLE
- %HOMEPATH%\Volume.exe
- 'localhost':2288
- ClassName: 'Indicator' WindowName: '(null)'