Техническая информация
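- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Sabi' = '"%APPDATA%\Ecokg\sabi.exe"' — автозапуск: значение в разделе Run запускает sabi.exe при каждом входе этого пользователя в систему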
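- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' — отключает уведомления брандмауэра Windows для стандартного профиля; при проверке системы то же значение стоит смотреть и в CurrentControlSet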
- '%APPDATA%\Ecokg\sabi.exe'
- <SYSTEM32>\ctfmon.exe
- <LS_APPDATA>\ynkymu.buq
- %APPDATA%\Ecokg\sabi.exe
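- '94.##.13.112':24673 (здесь и ниже — пары 'IP-адрес':порт; символы «#», по-видимому, скрывают часть цифр адреса, поэтому точное сопоставление по этим значениям невозможно)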
- '18#.#8.107.81':12179
- '85.##7.88.92':17186
- '12#.#38.67.96':4636
- '18#.#7.50.91':27873
- '41.##0.242.122':27119
- '31.##6.117.229':21130
- '64.#.28.119':5848
- '94.#6.45.35':29109
- '19#.#1.64.155':10928
- '1.###.59.216':4479
- '75.##7.188.145':6865
- '78.##0.36.98':20877
- '89.##2.155.200':17472
- '24.##0.165.58':4842
- '66.##.204.26':24382
- '84.##.138.75':7605
- ClassName: 'Indicator' WindowName: ''