Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Uqfo' = '"%TEMP%\Jiejok\uqfo.exe"' (автозапуск при входе пользователя в систему; исполняемый файл расположен во временном каталоге)
- [<HKLM>\SYSTEM\ControlSet001\Services\7df10c3ed851d59a] 'Start' = '00000000' (тип запуска 0 — boot start: драйвер загружается на этапе загрузки системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\7df10c3ed851d59a] 'ImagePath' = '<DRIVERS>\7df10c3ed851d59a.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\30fdf] 'Start' = '00000001' (тип запуска 1 — system start: драйвер запускается при инициализации ядра)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001' (уведомления брандмауэра Windows для стандартного профиля отключены)
- '%TEMP%\Jiejok\uqfo.exe'
- <SYSTEM32>\ctfmon.exe
- NtOpenThread, драйвер-обработчик: 7df10c3ed851d59a.sys
- NtOpenProcess, драйвер-обработчик: 7df10c3ed851d59a.sys
- <DRIVERS>\7df10c3ed851d59a.sys
- %APPDATA%\qybeac.edw
- %TEMP%\Jiejok\uqfo.exe
- <DRIVERS>\30fdf.sys
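- Сетевые адреса в формате 'IP':порт (часть цифр в адресах скрыта символами '#', поэтому в таком виде эти записи нельзя использовать как точные индикаторы для блокировки или поиска в журналах):
- '23.##.133.13':7608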
- '13#.#7.198.100':2430
- '37.##.41.161':2190
- '13#.#17.72.241':1768
- '67.##8.254.65':2923
- '16#.#3.211.182':8424
- '37.##4.97.84':6640
- '23.##.64.182':7013
- '89.##.59.166':5682
- '19#.#34.52.206':9329
- '16#.#1.80.142':9272
- '23.##.72.192':4945
- '2.##.58.208':5844
- '23.#6.34.43':6953
- '17#.#9.110.91':1442
- ClassName: 'Indicator' WindowName: '(null)'