Техническая информация
- Автозапуск (ключ Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ddd48e3863a4e46a846c9cf18ea7ca4e' = '"%TEMP%\iiexplore.exe" ..'
- Автозапуск (ключ Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ddd48e3863a4e46a846c9cf18ea7ca4e' = '"%TEMP%\iiexplore.exe" ..'
- Автозапуск (папка автозагрузки): %HOMEPATH%\Start Menu\Programs\Startup\ddd48e3863a4e46a846c9cf18ea7ca4e.exe
- Брандмауэр Windows (запись в списке разрешённых приложений): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\iiexplore.exe' = '%TEMP%\iiexplore.exe:*:Enabled:iiexplore.exe'
- '%TEMP%\iiexplore.exe'
- '%TEMP%\50.exe'
- Запуск команды (добавление программы в список разрешённых брандмауэром): '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\iiexplore.exe" "iiexplore.exe" ENABLE
- %TEMP%\iiexplore.exe
- %TEMP%\50.exe
- Сетевое соединение (узел:порт): '55###.zapto.org':1111
- DNS-запрос: DNS ASK 55###.zapto.org
- ClassName: 'Indicator' WindowName: '(null)'