Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{1D476073-5E7F-AD41-B897-60D4A63F43C6}' = '"%APPDATA%\Ruriaz\yjnau.exe"' — запись автозагрузки: указанный файл запускается при каждом входе этого пользователя в систему
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' — значение 1 отключает уведомления брандмауэра Windows (стандартный профиль)
- '%APPDATA%\Ruriaz\yjnau.exe'
- <SYSTEM32>\cscript.exe
- %TEMP%\tmpb6478e62.bat
- <LS_APPDATA>\ceejy.soe
- %APPDATA%\Ruriaz\yjnau.exe
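Сетевые адреса в формате IP:порт (символы '#', по-видимому, заменяют скрытые в источнике цифры, поэтому для точного сопоставления адреса нужно уточнять по другим данным):
- '37.##1.204.170':15619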
- '71.#3.217.3':11403
- '70.##7.132.232':18161
- '99.##3.42.49':26480
- '19#.#4.127.98':25549
- '71.##.56.253':22652
- '69.#9.74.6':14775
- '64.##9.121.189':13503
- '14#.#35.102.139':19653
- '66.##7.77.134':15387
- '61.##.134.47':13527
- '15#.#8.151.174':10977
- '65.##.127.254':10521
- '10#.#11.64.46':23323
- '66.##9.110.89':28898
- ClassName: 'Indicator' WindowName: ''