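Техническая информация
Заголовки разделов в этом списке не сохранились; по виду записей это значения реестра, пути к файлам и процессам, сетевые адреса с портами и параметры окна. Часть цифр в IP-адресах заменена символом «#», поэтому для правил обнаружения нужны полные адреса из исходного отчёта.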
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Eszun' = '"%APPDATA%\Yzoqar\eszun.exe"' — автозапуск файла при входе пользователя в систему
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' — отключает уведомления брандмауэра Windows для стандартного профиля
- '%APPDATA%\Yzoqar\eszun.exe'
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\cscript.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- %TEMP%\NWTCBF.bat
- <LS_APPDATA>\rexy.liy
- %APPDATA%\Yzoqar\eszun.exe
- '81.##9.16.130':4344
- '62.##.180.189':5877
- '20#.#51.45.31':1978
- '81.##8.242.90':5768
- '84.##.129.23':7605
- '10#.#96.239.26':9439
- '81.##0.77.220':2058
- '60.#44.81.6':6006
- '18#.#0.151.221':7522
- '61.##.242.131':9807
- '12#.#.46.119':5693
- '17#.#45.217.122':2943
- '36.#.242.186':9592
- '11#.#33.103.240':3363
- '58.#.158.10':4195
- ClassName: 'Indicator' WindowName: '(null)'