Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Fyun' = '"%TEMP%\Uwpy\fyun.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\f16ca03d4bccf434] 'Start' = '00000000' (тип запуска 0 — boot start: драйвер загружается на этапе загрузки системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\f16ca03d4bccf434] 'ImagePath' = '<DRIVERS>\f16ca03d4bccf434.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\2b24e] 'Start' = '00000001' (тип запуска 1 — system start: драйвер загружается при инициализации ядра)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' (значение 1 отключает уведомления брандмауэра Windows для стандартного профиля)
- '%TEMP%\Uwpy\fyun.exe'
- <SYSTEM32>\ctfmon.exe
- NtOpenThread, драйвер-обработчик: f16ca03d4bccf434.sys
- NtOpenProcess, драйвер-обработчик: f16ca03d4bccf434.sys
- <DRIVERS>\f16ca03d4bccf434.sys
- %APPDATA%\ezsy.ulg
- %TEMP%\Uwpy\fyun.exe
- <DRIVERS>\2b24e.sys
- <DRIVERS>\2b24e.sys
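- '16#.61.87.1':3667 (формат записей — 'адрес':порт; символы '#', по-видимому, заменяют скрытые при публикации цифры, поэтому адреса в этом списке нельзя использовать для точного сопоставления)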
- '17#.#9.110.91':1442
- '58.##0.64.112':2986
- '86.##9.38.32':2686
- '24.##4.212.47':8363
- '13#.#7.198.100':2430
- '13#.#16.229.40':8499
- '19#.#7.198.162':2096
- '17#.#5.149.157':6781
- '21#.#03.240.27':7673
- '19#.#14.152.188':9367
- '75.##.113.250':5436
- '11#.#3.65.162':1858
- ClassName: 'Indicator' WindowName: '(null)'