Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Obyxw' = '"%TEMP%\Umok\obyxw.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\d43202a82e92d8cc] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\d43202a82e92d8cc] 'ImagePath' = '<DRIVERS>\d43202a82e92d8cc.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\33029] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%TEMP%\Umok\obyxw.exe'
- <SYSTEM32>\ctfmon.exe
- NtOpenThread, драйвер-обработчик: d43202a82e92d8cc.sys
- NtOpenProcess, драйвер-обработчик: d43202a82e92d8cc.sys
- <DRIVERS>\d43202a82e92d8cc.sys
- %APPDATA%\xaoked.pep
- <DRIVERS>\33029.sys
- %TEMP%\Umok\obyxw.exe
- %TEMP%\KKNE1EE.bat
- <DRIVERS>\33029.sys
- '23.##.64.182':7013
- '37.##.41.161':2190
- '89.##.59.166':5682
- '18#.#2.179.247':8017
- '19#.#34.52.206':9329
- '31.##.186.225':7922
- '23.##.72.192':4945
- '85.##.106.65':7039
- '16#.#3.154.114':3700
- '10#.#11.248.177':5574
- '61.##4.150.9':6958
- '23.##.42.224':2837
- '16#.#3.211.182':8424
- '94.#8.99.85':8596
- '21#.#3.184.21':9158
- '17#.#9.110.91':1442
- '13#.#7.198.100':2430
- '13#.#1.49.30':2838
- ClassName: 'Indicator' WindowName: '(null)'