Техническая информация
Закрепление в системе (автозапуск при входе пользователя через ключ Run в HKCU):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Waafo' = '"%APPDATA%\Ofhe\waafo.exe"'
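Изменение настроек брандмауэра Windows (значение DisableNotifications = 1 отключает уведомления брандмауэра для стандартного профиля):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'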
- '%APPDATA%\Ofhe\waafo.exe'
- <SYSTEM32>\cscript.exe
- %TEMP%\TML85C0.bat
- <LS_APPDATA>\direy.uww
- %APPDATA%\Ofhe\waafo.exe
Сетевые адреса в формате 'IP-адрес':порт (символы # стоят на месте скрытых цифр адреса):
- '99.##.73.189':29677
- '67.##3.168.19':12484
- '12#.#38.64.141':25399
- '21#.#05.236.215':10079
- '10#.#4.172.39':18939
- '79.##1.33.157':29658
- '12#.#60.33.239':11657
- '18#.#4.222.234':24357
- '21#.#4.146.36':28073
- '21#.#09.241.213':16882
- '19#.#1.86.227':21867
- '89.##2.155.200':16926
- ClassName: 'Indicator' WindowName: ''