Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ambu' = '"%APPDATA%\Qeyhyx\ambu.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%APPDATA%\Qeyhyx\ambu.exe'
- <Служебный элемент>
- %TEMP%\tmp05bf5fb4.bat
- <LS_APPDATA>\ifje.ilo
- %APPDATA%\Qeyhyx\ambu.exe
- '78.##1.154.194':25633
- '18#.#7.50.91':27916
- '98.##.25.174':14086
- '21#.#4.159.154':17800
- '19#.#9.119.206':28683
- '63.##.81.254':29130
- '19#.#32.103.187':20318
- ClassName: 'Indicator' WindowName: ''