Техническая информация
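- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ebuw' = '"%APPDATA%\Diavo\ebuw.exe"' (автозапуск: запись в ключе Run текущего пользователя запускает ebuw.exe при каждом входе этого пользователя в систему)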
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' (отключает уведомления брандмауэра Windows для стандартного профиля)
- '%APPDATA%\Diavo\ebuw.exe'
- <SYSTEM32>\ctfmon.exe
- <LS_APPDATA>\yckaq.siq
- %APPDATA%\Diavo\ebuw.exe
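Сетевые адреса ниже записаны в формате 'адрес':порт; часть цифр каждого адреса заменена символом '#', поэтому полные адреса по этой странице восстановить нельзя, и использовать эти записи как готовые индикаторы для блокировки не получится.
- '19#.#2.161.35':23153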
- '19#.#37.43.166':20914
- '17#.#5.134.131':14623
- '81.##3.189.232':10880
- '17#.#3.238.72':22869
- '98.##1.143.22':19595
- '84.##.222.81':10378
- '71.##3.224.27':12893
- '14#.#36.161.103':14675
- '83.##.214.39':13647
- '19#.#4.127.98':25549
- '18#.#24.226.182':15726
- '41.##3.148.193':16876
- '64.##0.155.194':19894
- '18#.#41.97.79':16114
- '78.##9.187.6':14384
- '79.##.186.127':12827
- '69.##.132.197':20764
- ClassName: 'Indicator' WindowName: ''