Техническая информация
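- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{1D476073-5E7F-AD41-B897-60D4A63F43C6}' = '"%APPDATA%\Feyhad\hado.exe"' (запись автозапуска: значение в ключе Run текущего пользователя указывает на hado.exe, поэтому файл запускается при каждом входе этого пользователя в систему; имя значения и путь, по-видимому, сгенерированы случайно и на других системах могут отличаться)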
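- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' (значение 1 отключает уведомления брандмауэра Windows для стандартного профиля, поэтому пользователь не видит предупреждений о блокировке входящих подключений)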
- '%APPDATA%\Feyhad\hado.exe'
- <Служебный элемент>
- %TEMP%\tmpe8632baf.bat
- <LS_APPDATA>\ases.gou
- %APPDATA%\Feyhad\hado.exe
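- '18#.#23.138.85':11774 (здесь и ниже — сетевой адрес и порт; символы «#», по-видимому, скрывают часть цифр адреса, поэтому использовать эти записи как готовые индикаторы для блокировки нельзя)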
- '83.#1.5.149':17732
- '98.##.65.183':14086
- '85.##8.56.148':17843
- '74.#5.90.59':21163
- '17#.#93.93.51':26229
- '20#.#28.247.114':16507
- '83.#.202.121':13647
- ClassName: 'Indicator' WindowName: ''