Техническая информация
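Закрепление в системе (автозапуск): одно и то же имя 8b15d06c57fd98548b0ac686bf75a36c используется для параметров в ключах Run (HKLM и HKCU) и для файла в папке автозагрузки:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8b15d06c57fd98548b0ac686bf75a36c' = '"%TEMP%\zineb.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '8b15d06c57fd98548b0ac686bf75a36c' = '"%TEMP%\zineb.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\8b15d06c57fd98548b0ac686bf75a36c.exe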
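Изменение настроек брандмауэра Windows: zineb.exe добавляется в список разрешённых приложений (запись в реестре и соответствующая команда netsh):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\zineb.exe' = '%TEMP%\zineb.exe:*:Enabled:zineb.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\zineb.exe" "zineb.exe" ENABLE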
- %TEMP%\zineb.exe
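Сетевая активность (часть имени узла заменена символами ### — по-видимому, скрыта в источнике, поэтому точное значение индикатора по этой странице восстановить нельзя):
- 'zi###.ddns.net':1177
- DNS-запрос (DNS ASK): zi###.ddns.net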
- '%TEMP%\zineb.exe'