Техническая информация
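- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{1D476073-5E7F-AD41-B897-60D4A63F43C6}' = '"%APPDATA%\Ukyxyn\ymwo.exe"'
  Примечание: параметр в ключе Run запускает указанный файл при каждом входе пользователя в систему; это механизм закрепления в системе.
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
  Примечание: значение 1 отключает уведомления брандмауэра Windows для стандартного профиля, поэтому пользователь не увидит сообщений о блокировке программ.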
- '%APPDATA%\Ukyxyn\ymwo.exe'
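- '<SYSTEM32>\cmd.exe' /c "%TEMP%\tmpdf82714e.bat"
  Примечание: содержимое пакетного файла на странице не приведено; запуск cmd.exe с .bat-файлом из %TEMP% можно отслеживать по журналам создания процессов (с записью командной строки).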
- <SYSTEM32>\cscript.exe
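- [<HKCU>\Software\Microsoft\Windows Live Mail]
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Internet Account Manager]
  Примечание: на странице не указано, какое действие выполняется с этими тремя ключами; в них хранятся настройки почтовых учётных записей, поэтому на затронутой системе почтовые учётные данные стоит считать потенциально скомпрометированными.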
- %TEMP%\tmpdf82714e.bat
- <LS_APPDATA>\posa.sep
- %APPDATA%\Ukyxyn\ymwo.exe
- 'www.bing.com':80
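- '74.##5.232.51':80
  Примечание: символы «#» здесь и в адресах ниже, по-видимому, заменяют знаки, скрытые в отчёте; в таком виде записи нельзя использовать как точные индикаторы для блокировки или поиска.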
- http://www.bing.com/
- http://www.google.com/ via 74.##5.232.51
- DNS ASK www.bing.com
- DNS ASK www.google.com
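- DNS ASK da########ttgydsobapfmbxobmga.ru
  Примечание: имя домена выглядит как сгенерированное алгоритмически (предположение; часть символов скрыта), поэтому искать такие DNS-запросы надёжнее по шаблону имени, чем по точному совпадению.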
- '70.##.245.50':11713
- '68.##5.44.96':28486
- '67.##9.77.255':14418
- '21#.#3.205.148':12552
- '41.##.169.172':14018
- '41.##4.75.208':12296
- '17#.#3.103.212':11514
- '21#.#18.95.4':21006
- '86.##6.14.153':18860
- '87.##3.86.49':11908
- '19#.#02.83.105':15400
- '95.##8.13.250':23972
- '15#.#1.112.7':12379
- '94.##.122.57':13025
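- '19#.#4.127.98':25549
  Примечание: для записей от '70.##.245.50':11713 до этой протокол на странице не указан. Обращения одного узла ко многим внешним адресам на разные высокие порты могут указывать на одноранговый (P2P) обмен (предположение); такой признак пригоден для поиска в журналах межсетевого экрана и данных NetFlow.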
- ClassName: 'Indicator' WindowName: ''