Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Suxyvu' = '"%TEMP%\Lyakir\suxyvu.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\473d31c2a19e0813] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\473d31c2a19e0813] 'ImagePath' = '<DRIVERS>\473d31c2a19e0813.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\2a54e] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%TEMP%\Lyakir\suxyvu.exe'
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\cscript.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- NtOpenThread, драйвер-обработчик: unknown
- NtOpenProcess, драйвер-обработчик: unknown
- <LS_APPDATA>\zuom.oqf
- %TEMP%\WVS95A9.bat
- <DRIVERS>\473d31c2a19e0813.sys
- %TEMP%\Lyakir\suxyvu.exe
- <DRIVERS>\2a54e.sys
- '81.##4.111.58':2058
- '18#.#66.118.23':8088
- '89.##6.177.236':8029
- '24.##1.139.199':9324
- '81.##9.88.233':2879
- '81.##7.204.214':6591
- '50.##9.168.36':4997
- '17#.#45.217.122':2943
- '79.##9.27.234':3896
- '93.##7.152.96':8230
- '21#.#86.32.8':2622
- '80.##3.146.163':6723
- '86.##3.91.153':5768
- '11#.#72.162.34':7972
- '12#.#0.224.3':4168
- '60.#44.81.6':6006
- '11#.#8.150.35':3583
- '97.##4.63.159':7958
- '20#.#5.157.34':6449
- '11#.#26.143.176':9551
- ClassName: 'Indicator' WindowName: '(null)'