Техническая информация
- Автозапуск через ключ Run текущего пользователя: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ruvev' = '"%APPDATA%\Yppoy\ruvev.exe"'
- Отключение уведомлений брандмауэра Windows (стандартный профиль): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%APPDATA%\Yppoy\ruvev.exe'
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\cscript.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- %TEMP%\ORR839A.bat
- <LS_APPDATA>\kyipoh.huf
- %APPDATA%\Yppoy\ruvev.exe
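- '17#.#45.217.122':5751 (здесь и в адресах ниже символ # стоит на месте скрытых цифр, поэтому адреса приведены не полностью)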
- '84.##.129.23':7605
- '24.##.85.208':5157
- '58.##5.131.158':8303
- '17#.#4.181.172':5001
- '79.#0.53.54':5161
- '85.#00.41.9':8835
- '70.##.226.202':4422
- '86.##3.91.153':5768
- '75.##8.122.102':8227
- '60.#44.81.6':6006
- '89.##6.177.236':8029
- '22#.#48.161.99':1667
- '24.##4.134.143':3055
- '81.##0.124.209':2058
- '18#.#6.203.9':3935
- ClassName: 'Indicator' WindowName: '(null)'