Техническая информация (индикаторы компрометации: ключи реестра, файлы, перехваты системных вызовов драйвером, сетевые адреса; IP-адреса в отчёте частично замаскированы символом «#» и в таком виде непригодны для правил блокировки)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Elsiop' = '"%TEMP%\Igigyr\elsiop.exe"' (закрепление через автозапуск при входе пользователя)
- [<HKLM>\SYSTEM\ControlSet001\Services\51c27109ac22f193] 'Start' = '00000000' (0 = SERVICE_BOOT_START: драйвер загружается на этапе загрузки системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\51c27109ac22f193] 'ImagePath' = '<DRIVERS>\51c27109ac22f193.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\28ca6] 'Start' = '00000001' (1 = SERVICE_SYSTEM_START: драйвер загружается при старте системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' (отключение уведомлений брандмауэра Windows о заблокированных подключениях)
- '%TEMP%\Igigyr\elsiop.exe'
- <SYSTEM32>\cscript.exe
- Перехват системного вызова NtOpenThread, обработчик — драйвер 51c27109ac22f193.sys
- Перехват системного вызова NtOpenProcess, обработчик — драйвер 51c27109ac22f193.sys
- <DRIVERS>\51c27109ac22f193.sys
- %APPDATA%\emore.lot
- %TEMP%\Igigyr\elsiop.exe
- <DRIVERS>\28ca6.sys
- <DRIVERS>\28ca6.sys
- '76.##4.37.14':9840
- '16#.#16.171.44':6699
- '21#.#05.67.91':7755
- '92.##.147.34':7420
- '75.##.113.250':5436
- '17#.#48.209.95':4306
- '19#.#7.198.162':2096
- '11#.#8.179.100':1724
- '61.##4.150.9':6958
- '86.##1.254.6':8342
- '21#.#35.62.68':6201
- '11#.#7.222.224':2700
- '61.##3.70.40':8240
- ClassName: 'Indicator' WindowName: ''