Техническая информация
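Записи автозапуска в реестре (ключи Run в HKLM и HKCU; имя параметра — строка из 32 шестнадцатеричных символов, значение указывает на файл iexplore.exe в каталоге %TEMP%, а не в штатном каталоге Internet Explorer):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4e0cf755238a399c349aa8ac627b0ec4' = '"%TEMP%\iexplore.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4e0cf755238a399c349aa8ac627b0ec4' = '"%TEMP%\iexplore.exe" ..'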
- [<HKLM>\SYSTEM\ControlSet001\Services\Nationalfie] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\iexplore.exe' = '%TEMP%\iexplore.exe:*:Enabled:iexplore.exe' (запись в списке разрешённых приложений брандмауэра Windows, стандартный профиль)
- '<SYSTEM32>\lyxrym.exe'
- '%TEMP%\iexplore.exe'
- '%APPDATA%\c.exe'
- '%APPDATA%\e.exe'
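- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\iexplore.exe" "iexplore.exe" ENABLE (команда добавляет %TEMP%\iexplore.exe в разрешённые программы брандмауэра Windows; ей соответствует запись AuthorizedApplications\List в реестре)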
- <SYSTEM32>\lyxrym.exe
- %TEMP%\iexplore.exe
- %APPDATA%\c.exe
- %APPDATA%\e.exe
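Сетевые индикаторы (порт 8080; символы # в имени домена присутствуют в исходном тексте и, по-видимому, скрывают часть имени):
- 'any':8080
- 'vi#####end.codns.com':8080
- DNS ASK vi#####end.codns.com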
Классы окон (Shell_TrayWnd — класс окна панели задач Windows):
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'