Техническая информация
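Автозапуск (закрепление в системе) — значения в ключах Run/RunOnce. Штатный Internet Explorer находится в %ProgramFiles%\Internet Explorer, поэтому iexplore.exe в <SYSTEM32> или %APPDATA% — признак маскировки под системный файл:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'iexplore.exe' = '<SYSTEM32>\iexplore.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'iexplore.exe' = '%APPDATA%\iexplorer\iexplore.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'iexplore.exe' = '<SYSTEM32>\iexplore.exe'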
Исключения брандмауэра Windows — оба пути внесены в список разрешённых приложений профиля StandardProfile с областью действия `*` (любые адреса):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\iexplore.exe' = '<SYSTEM32>\iexplore.exe:*:Enabled:iexplore2'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\iexplorer\iexplore.exe' = '%APPDATA%\iexplorer\iexplore.exe:*:Enabled:iexplore1'
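Запускаемые процессы — экземпляр из %APPDATA% с аргументом xd и netsh.exe, добавляющий исключения брандмауэра для обоих путей (командные строки пригодны для правил обнаружения):
- '%APPDATA%\iexplorer\iexplore.exe' xd
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<SYSTEM32>\iexplore.exe" iexplore2 ENABLE
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\iexplorer\iexplore.exe" iexplore1 ENABLE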
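Файлы на диске (подпись раздела в исходном тексте не сохранилась; предположительно создаются образцом):
- %HOMEPATH%\time.dat
- %APPDATA%\iexplorer\funnies.dat
- %APPDATA%\iexplorer\iexplore.exe
- <SYSTEM32>\iexplore.exe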
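Сетевая активность — обращения на порт 22250 и DNS-запрос; символы # — маскировка части значения в исходном отчёте, адреса приведены как есть:
- 'localhost':22250
- '89.##.21.202':22250
- '83.#7.91.19':22250
- DNS ASK gr####ce.webt.pl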
Обращение к окнам (предположительно поиск окна по имени класса):
- ClassName: 'Indicator' WindowName: '(null)'