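Техническая информация
Подзаголовки разделов в этом фрагменте отсутствуют; ниже перечислены изменения в реестре, процессы и командные строки, ключи реестра, файлы, сетевые адреса с портами и класс окна.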
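- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{1D476073-5E7F-AD41-B897-60D4A63F43C6}' = '"%APPDATA%\Yqyzj\sawyyf.exe"' — значение в ключе Run текущего пользователя: указанный файл запускается при входе этого пользователя в систему.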
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' — значение 1 отключает уведомления брандмауэра Windows для стандартного профиля.
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\tmpa2218227.bat"
- '%APPDATA%\Yqyzj\sawyyf.exe'
- <SYSTEM32>\cscript.exe
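- [<HKCU>\Software\Microsoft\Windows Live Mail] — в этом и в двух следующих ключах хранятся настройки почтовых учётных записей; вид обращения (чтение или запись) в этом фрагменте не указан.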
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Internet Account Manager]
- %TEMP%\tmpa2218227.bat
- <LS_APPDATA>\faudaw.epi
- %APPDATA%\Yqyzj\sawyyf.exe
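Примечание: символы «#» в адресах ниже, по-видимому, заменяют скрытые цифры, поэтому записи не являются полными IP-адресами и не годятся для точного сопоставления с журналами или списками блокировки.
- '50.##.177.24':25517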
- '10#.#11.64.46':23323
- '24.##0.165.58':21251
- '15#.#9.87.49':29036
- '19#.#4.127.98':25549
- '99.#8.30.82':14974
- '96.##.35.109':14435
- '87.##3.112.174':19469
- '66.##7.77.134':15387
- '17#.#9.102.122':13848
- '70.##7.148.5':18161
- '17#.#3.85.137':19123
- '94.#5.0.48':10408
- '89.##8.56.134':13175
- '64.##9.121.189':13503
- '76.##7.179.15':17801
- ClassName: 'Indicator' WindowName: ''