Техническая информация
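Изменения в системном реестре:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Amxyz' = '"%APPDATA%\Dobuk\amxyz.exe"' — автозапуск amxyz.exe при входе пользователя в систему
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' — отключает уведомления брандмауэра Windows для стандартного профиля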
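Файлы и процессы, связанные с образцом (роль каждой записи — запуск, создание или иное — на странице не указана):
- '%APPDATA%\Dobuk\amxyz.exe'
- <SYSTEM32>\cscript.exe (штатный компонент Windows Script Host; сам по себе индикатором компрометации не является)
- %TEMP%\YYY5317.bat
- <LS_APPDATA>\iptay.uza
- %APPDATA%\Dobuk\amxyz.exe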
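Сетевые адреса в формате 'IP':порт (символы «#», по-видимому, маскируют часть цифр адреса, поэтому в таком виде записи не годятся для точного сопоставления в журналах или правилах блокировки):
- '12#.#38.67.231':4636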
- '20#.#40.143.159':14885
- '94.##.25.108':11973
- '10#.#17.117.139':8593
- '19#.#0.171.114':27808
- '49.##.26.100':18738
- '85.##8.213.80':4627
- '94.##.13.112':24673
- '85.##.230.128':14557
- '20#.#14.40.201':8825
- '18#.#9.48.232':20578
- '20#.#40.185.201':24114
- '82.##1.186.140':9955
- '21#.#30.254.114':14154
- ClassName: 'Indicator' WindowName: ''