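Техническая информация
Ниже перечислены записи реестра, командные строки и исполняемые файлы, пути к файлам и сетевые адреса с портами; подзаголовки разделов в этом фрагменте отсутствуют.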
- Автозапуск при входе пользователя в систему (ключ Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{1D476073-5E7F-AD41-B897-60D4A63F43C6}' = '"%APPDATA%\Ytpop\utyqmu.exe"'
- Отключение уведомлений брандмауэра Windows (стандартный профиль): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\tmp5d50f40b.bat"
- '%APPDATA%\Ytpop\utyqmu.exe'
- <SYSTEM32>\cscript.exe
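- [<HKCU>\Software\Microsoft\Windows Live Mail] (здесь и в двух следующих строках — ключи реестра с настройками почтовых учётных записей; характер обращения к ним в этом фрагменте не указан)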
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Internet Account Manager]
- %TEMP%\tmp5d50f40b.bat
- <LS_APPDATA>\vecau.ucu
- %APPDATA%\Ytpop\utyqmu.exe
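- '99.#6.3.38':11350 (здесь и ниже — адрес:порт; символ «#», по-видимому, заменяет скрытые цифры, поэтому записи не являются точными индикаторами для блокировки, а протокол в этом фрагменте не указан)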
- '14#.#35.102.139':19653
- '71.#3.217.3':11403
- '71.#.233.139':18736
- '19#.#98.30.168':28965
- '89.##8.56.134':14650
- '17#.#10.150.207':16149
- '85.##.24.228':23667
- '19#.#4.127.98':25549
- '80.##2.59.142':20199
- '10#.#62.73.132':29913
- '18#.#6.96.87':14524
- '98.##.107.213':17482
- '19#.#6.167.31':23853
- '66.##9.110.89':28898
- '18#.#3.42.225':23222
- '10#.#11.64.46':23323
- '50.#2.46.49':26927