Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Towoo' = '"%APPDATA%\Obta\towoo.exe"' (запись автозапуска: указанный файл запускается при каждом входе этого пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' (отключает уведомления брандмауэра Windows для стандартного профиля)
- '%APPDATA%\Obta\towoo.exe'
- <SYSTEM32>\cscript.exe
- %TEMP%\MBT7FEC.bat
- <LS_APPDATA>\boyhof.dyg
- %APPDATA%\Obta\towoo.exe
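Сетевые адреса в формате «IP-адрес:порт» (часть цифр в каждом адресе заменена символом «#», поэтому эти записи пригодны только для сопоставления по маске и порту, но не для точного поиска по адресу):
- '86.##5.144.6':6728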
- '22#.#55.223.183':5693
- '84.##4.151.23':3646
- '10#.#37.180.117':1277
- '86.##7.226.12':3553
- '11#.#6.169.62':3789
- '20#.#7.138.118':8922
- '17#.#45.217.122':2943
- '31.##.83.104':5003
- '82.##1.142.218':2382
- '80.##9.35.230':4577
- '21#.#.140.14':9770
- '16#.#43.197.68':8471
- '86.##7.49.221':2984
- '86.##9.154.247':5468
- ClassName: 'Indicator' WindowName: ''