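Техническая информация
Ниже перечислены индикаторы без заголовков разделов (по-видимому, они утрачены при извлечении текста), поэтому роль отдельных записей — создание, запуск или внедрение кода — по этому фрагменту не определяется. Первые две записи — изменения реестра: значение в ключе Run обеспечивает автозапуск xyyk.exe при входе пользователя, а DisableNotifications = 1 в политике брандмауэра отключает его уведомления. Далее идут пути к файлам и процессам, затем пары «адрес:порт», в которых часть цифр заменена символом «#» (в таком виде адреса непригодны для правил блокировки или поиска по журналам), и в конце — параметры окна (ClassName/WindowName).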
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Xyyk' = '"%APPDATA%\Yzve\xyyk.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%APPDATA%\Yzve\xyyk.exe'
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\cscript.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- %TEMP%\QNE467A.bat
- <LS_APPDATA>\ajvyu.eku
- %APPDATA%\Yzve\xyyk.exe
- '18#.#44.57.70':8656
- '70.##.128.45':6596
- '13#.#11.115.91':2692
- '69.##.185.100':6123
- '10#.#96.239.26':9439
- '17#.#5.148.32':6781
- '10#.#28.68.96':3721
- '11#.#.180.154':1044
- '58.##.27.142':1667
- '10#.#55.70.117':9017
- '17#.#45.217.122':2943
- '60.#44.81.6':6006
- '89.##6.177.236':8029
- ClassName: 'Indicator' WindowName: '(null)'