Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Qaxy' = '"%APPDATA%\Poow\qaxy.exe"' (запись в ключе Run: qaxy.exe запускается при каждом входе этого пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' (значение 1 отключает уведомления брандмауэра Windows для стандартного профиля)
- '%APPDATA%\Poow\qaxy.exe'
- <SYSTEM32>\cscript.exe
- %TEMP%\tmpe5461724.bat
- <LS_APPDATA>\onewu.pye
- %APPDATA%\Poow\qaxy.exe
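Сетевые адреса в формате IP:порт (символы «#», по-видимому, заменяют скрытые при публикации цифры, поэтому для точного сопоставления с журналами нужны полные значения):
- '14#.#36.161.103':14675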
- '18#.#7.50.91':27916
- '18#.#48.91.99':26231
- '21#.#60.204.126':27928
- '84.##.222.81':10378
- '89.##2.155.200':10556
- '41.##6.208.63':19698
- '79.##1.39.250':13631
- '21#.#09.241.213':16882
- '93.##7.174.224':14814
- '10#.#15.99.94':17502
- '98.##.25.174':14086
- '18#.#83.176.98':18309
- '94.##.60.113':28039
- ClassName: 'Indicator' WindowName: ''