Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Otnok' = '"%TEMP%\Veav\otnok.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\9f15aa81f9755834] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\9f15aa81f9755834] 'ImagePath' = '<DRIVERS>\9f15aa81f9755834.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\2a03d] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%TEMP%\Veav\otnok.exe'
- <SYSTEM32>\ctfmon.exe
- NtOpenThread, драйвер-обработчик: 9f15aa81f9755834.sys
- NtOpenProcess, драйвер-обработчик: 9f15aa81f9755834.sys
- <DRIVERS>\9f15aa81f9755834.sys
- %APPDATA%\tazo.yzy
- %TEMP%\Veav\otnok.exe
- <DRIVERS>\2a03d.sys
- '75.#.220.146':2763
- '61.##4.150.9':6958
- '23.##.64.182':7013
- '76.##.162.44':5877
- '17#.#9.110.91':1442
- '11#.#7.210.125':2700
- '70.##.245.106':7313
- '89.##.59.166':5682
- '18#.#66.114.48':8088
- '17#.#24.109.202':2561
- '23.##.42.224':2837
- ClassName: 'Indicator' WindowName: '(null)'