Техническая информация
- Автозапуск при входе пользователя в систему (ключ Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Piby' = '"%APPDATA%\Odycux\piby.exe"'
- Отключение уведомлений брандмауэра Windows (параметр DisableNotifications стандартного профиля): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%APPDATA%\Odycux\piby.exe'
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\cscript.exe
- %TEMP%\UVT77AA.bat
- <LS_APPDATA>\tavo.qiu
- %APPDATA%\Odycux\piby.exe
- 'pj########uxkppfusnfxwhmrcrc.net':80
- 'ci######qghuoaeyzlizay.com':80
- 'tw######djfrwgjnpxogmd.org':80
- '74.##5.232.51':80
- 'www.bing.com':80
- pj########uxkppfusnfxwhmrcrc.net/
- ci######qghuoaeyzlizay.com/
- tw######djfrwgjnpxogmd.org/
- 74.##5.232.51/
- www.bing.com/
- DNS ASK tw######djfrwgjnpxogmd.org
- DNS ASK www.bing.com
- DNS ASK www.google.com
- DNS ASK ci######qghuoaeyzlizay.com
- DNS ASK pj########uxkppfusnfxwhmrcrc.net
- '10#.#34.133.110':8387
- '84.#9.131.0':7605
- '90.##6.118.144':2081
- '20#.#09.58.176':24069
- '10#.#17.117.139':8593
- '21#.#32.249.173':2848
- '18#.#8.208.163':6874
- '10#.#4.172.39':3059
- '66.##.204.26':24382
- '64.##6.115.72':10010
- '1.##8.60.41':1002
- '12#.#38.67.140':4636
- '46.#9.36.20':9752
- '82.##1.180.182':5457
- '10#.#93.222.108':3981
- ClassName: 'Indicator' WindowName: '(null)'