Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Qera' = '"%TEMP%\Heaw\qera.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\d9e73d4a34481383] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\d9e73d4a34481383] 'ImagePath' = '<DRIVERS>\d9e73d4a34481383.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\3101e] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%TEMP%\Heaw\qera.exe'
- <SYSTEM32>\ctfmon.exe
- NtOpenThread, драйвер-обработчик: d9e73d4a34481383.sys
- NtOpenProcess, драйвер-обработчик: d9e73d4a34481383.sys
- <DRIVERS>\d9e73d4a34481383.sys
- %APPDATA%\tiyk.idg
- %TEMP%\Heaw\qera.exe
- <DRIVERS>\3101e.sys
- <DRIVERS>\3101e.sys
- '37.##.41.161':2190
- '23.##.64.182':7013
- '2.##.58.208':5844
- '13#.#17.72.241':1768
- '23.##.133.13':7608
- '13#.#7.198.100':2430
- '89.##.59.166':5682
- '19#.#34.52.206':9329
- '16#.#1.80.142':9272
- '23.#6.34.43':6953
- '17#.#9.110.91':1442
- '23.##.72.192':4945
- ClassName: 'Indicator' WindowName: '(null)'