Техническая информация
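- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Haufli' = '"%APPDATA%\Lary\haufli.exe"' (автозапуск: значение в ключе Run запускает указанный файл при каждом входе этого пользователя в систему)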
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' (значение 1 отключает уведомления брандмауэра Windows для стандартного профиля)
- '%APPDATA%\Lary\haufli.exe'
- <SYSTEM32>\cscript.exe
- %TEMP%\DRIEB88.bat
- <LS_APPDATA>\desoqo.mye
- %APPDATA%\Lary\haufli.exe
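Сетевые адреса ниже приведены в формате 'IP':порт; символы #, по-видимому, заменяют скрытые цифры, поэтому для поиска по журналам или блокировки эти значения подходят только как частичные шаблоны.
- '19#.#62.42.76':10519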
- '18#.#7.50.91':27916
- '17#.#03.226.84':19014
- '99.##.73.189':29677
- '84.##.222.81':10378
- '69.##5.15.127':16901
- '78.##0.36.98':20877
- '95.##4.169.221':11922
- '21#.#09.241.213':16882
- '10#.#4.172.39':18939
- '79.##.133.216':13135
- ClassName: 'Indicator' WindowName: ''