Техническая информация
- Автозапуск при входе пользователя в систему (раздел реестра Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ecwuym' = '"%APPDATA%\Ibenzu\ecwuym.exe"'
- Отключение уведомлений брандмауэра Windows (стандартный профиль): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%APPDATA%\Ibenzu\ecwuym.exe'
- <SYSTEM32>\cscript.exe
- %TEMP%\WWN54B0.bat
- <LS_APPDATA>\gaihv.gyk
- %APPDATA%\Ibenzu\ecwuym.exe
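- '94.##.13.112':24673 (формат «IP-адрес:порт»; здесь и ниже символы '#' скрывают часть цифр адреса, поэтому записи нельзя напрямую использовать как точные индикаторы для блокировки)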
- '94.##.25.108':11973
- '21#.#7.148.66':29170
- '12#.#38.67.231':4636
- '66.##.204.26':24382
- '85.##8.213.80':4627
- '88.##.107.28':7605
- '10#.#01.120.6':1089
- '99.#2.65.71':5456
- '11#.#10.22.127':22290
- '76.##6.114.217':1684
- '20#.#14.40.201':8825
- '10#.#4.172.39':3059
- '19#.#3.50.109':8728
- '18#.#7.50.15':17051
- '21#.#30.254.114':14154
- '10#.#33.198.131':15847
- '98.##6.120.96':6227
- ClassName: 'Indicator' WindowName: ''