Техническая информация
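Параметры реестра (первый задаёт автозапуск enxo.exe при входе пользователя в систему, второй отключает уведомления брандмауэра Windows для стандартного профиля):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Enxo' = '"%APPDATA%\Powora\enxo.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'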
- '%APPDATA%\Powora\enxo.exe'
- <SYSTEM32>\cscript.exe
- %TEMP%\WMLE03A.bat
- <LS_APPDATA>\niod.yze
- %APPDATA%\Powora\enxo.exe
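Сетевые адреса и порты (символы # — по-видимому, цифры, скрытые источником, поэтому для точного сопоставления эти адреса непригодны):
- '83.##.173.79':10004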
- '85.##8.83.87':15090
- '99.##3.42.49':26480
- '78.##5.22.181':27344
- '21#.#09.241.213':16882
- '12#.#38.64.26':25399
- '89.##2.155.200':16926
- '24.##0.165.58':24668
- '10#.#2.117.225':21677
- '18#.#30.22.70':18051
- '87.#6.14.62':21608
- '10#.#33.198.131':15847
- ClassName: 'Indicator' WindowName: ''