Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ywuziq' = '"%APPDATA%\Exni\ywuziq.exe"' (параметр в ключе Run: указанный файл запускается при каждом входе этого пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' (значение 1 отключает уведомления брандмауэра Windows для стандартного профиля)
- '%APPDATA%\Exni\ywuziq.exe'
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\cscript.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- <LS_APPDATA>\beiga.wys
- %TEMP%\ABVE0E3.bat
- %APPDATA%\Exni\ywuziq.exe
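- '12#.#.46.119':5693 (в этом и следующих адресах часть цифр скрыта символами «#», поэтому для точного сопоставления по IP список не подходит; номера портов приведены без маскировки)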
- '74.#.135.154':7381
- '20#.#51.45.31':1978
- '70.##.128.45':6596
- '12#.#42.205.5':9943
- '11#.#5.234.203':4349
- '27.##.110.77':5235
- '58.##.27.142':1667
- '61.##.242.131':9807
- '69.##.185.100':6123
- '81.##5.43.98':4704
- '79.##.247.103':9088
- ClassName: 'Indicator' WindowName: '(null)'