Техническая информация
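- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Guwoig' = '"%APPDATA%\Dier\guwoig.exe"' — запись в ключе Run: указанный файл запускается автоматически при каждом входе этого пользователя в систему.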
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' — значение 1 отключает уведомления брандмауэра Windows для стандартного профиля.
- '%APPDATA%\Dier\guwoig.exe'
- <SYSTEM32>\ctfmon.exe
- <LS_APPDATA>\efpogy.owa
- %APPDATA%\Dier\guwoig.exe
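- '74.##5.232.51':80 (символы # здесь и в адресах ниже, по-видимому, скрывают часть цифр; полные адреса на странице не приведены)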
- 74.##5.232.51/
- DNS ASK www.google.com
- DNS ASK www.bing.com
- '10#.#15.44.142':20626
- '87.##2.61.18':12538
- '14#.#36.161.103':14675
- '79.##.186.127':12827
- '92.##.227.59':26890
- '78.##9.187.6':14384
- '12#.#37.228.8':19477
- '17#.#5.134.131':14623
- '19#.#1.87.51':23710
- '21#.#09.241.213':16882
- '18#.#48.91.99':16033
- '69.##.132.197':20764
- '17#.#.115.53':12116
- '17#.#3.238.72':22869
- '98.##1.143.22':19595
- '19#.#2.161.35':23153
- ClassName: 'Indicator' WindowName: ''