Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ycqo' = '"%TEMP%\Gaan\ycqo.exe"' — автозапуск при входе пользователя (ключ Run в HKCU; запись не требует прав администратора)
- [<HKLM>\SYSTEM\ControlSet001\Services\cf008dff28201b86] 'Start' = '00000000' — SERVICE_BOOT_START: драйвер регистрируется как служба, загружаемая при старте системы
- [<HKLM>\SYSTEM\ControlSet001\Services\cf008dff28201b86] 'ImagePath' = '<DRIVERS>\cf008dff28201b86.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\2c1df] 'Start' = '00000001' — SERVICE_SYSTEM_START: второй драйвер (2c1df.sys, см. ниже) загружается при инициализации ядра
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' — отключает уведомления брандмауэра Windows для стандартного профиля, поэтому пользователь не увидит предупреждений о сетевой активности программы
- '%TEMP%\Gaan\ycqo.exe'
- <SYSTEM32>\ctfmon.exe
- NtOpenThread, драйвер-обработчик: cf008dff28201b86.sys
- NtOpenProcess, драйвер-обработчик: cf008dff28201b86.sys
  (обработка этих системных вызовов перехвачена драйвером — типичный приём руткита для защиты собственных процессов и потоков от открытия из пользовательского режима; конкретная цель перехвата из листинга не видна)
- <DRIVERS>\cf008dff28201b86.sys
- %APPDATA%\pyxi.tey
- <DRIVERS>\2c1df.sys — второй драйвер режима ядра (служба 2c1df, см. выше)
- %TEMP%\Gaan\ycqo.exe
- %TEMP%\OTW479F.bat
- Сетевые подключения в формате 'IP-адрес':порт (часть октетов скрыта символом '#'):
- '11#.#3.65.162':2573
- '16#.#3.211.182':8424
- '23.##.64.182':7013
- '37.##.41.161':2190
- '87.##3.112.229':5528
- '31.##.186.225':7922
- '13#.91.2.62':9700
- '61.##4.150.9':6958
- '13#.#7.198.100':2430
- '11#.#4.187.155':3957
- ClassName: 'Indicator' WindowName: '(null)'