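Техническая информация
Примечание: пункты ниже приведены без заголовков разделов, поэтому роль каждого из них (ключи реестра, пути к файлам, сетевые адреса с портами, командные строки) приходится определять по содержимому. В сетевых адресах часть цифр заменена символом «#»; такие записи нельзя использовать как точные индикаторы компрометации — только как шаблоны для сопоставления.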
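- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{1D476073-5E7F-AD41-B897-60D4A63F43C6}' = '"%APPDATA%\Eliq\ojqe.exe"'
  (значение в ключе Run текущего пользователя: указанный файл запускается при каждом входе этого пользователя в систему)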
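- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
  (значение DisableNotifications = 1 в политике стандартного профиля отключает уведомления брандмауэра Windows)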
- <SYSTEM32>\cscript.exe
- [<HKCU>\Software\Microsoft\Windows Live Mail]
- %APPDATA%\Eliq\ojqe.exe
- <LS_APPDATA>\ybkox.lue
- %TEMP%\tmp4d34e2e5.bat
- <Полный путь к файлу>
- '97.##.18.187':22652
- '13#.#94.99.180':16250
- '69.##.201.244':22972
- '17#.7.96.61':19001
- '94.##.120.226':22474
- '18#.#72.170.203':11751
- '19#.#4.127.98':25549
- '20#.#55.79.99':12982
- '75.##.231.183':20840
- '10#.#17.170.200':25116
- '1.###.47.244':16276
- '76.##.124.53':24685
- '81.##6.230.235':29447
- '76.##9.198.177':13541
- '75.##.82.110':12597
- '93.##7.174.80':28924
- '%APPDATA%\Eliq\ojqe.exe'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\tmp4d34e2e5.bat"