Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ugqee' = '"%TEMP%\Jyyga\ugqee.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\bb1090191570f745] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\bb1090191570f745] 'ImagePath' = '<DRIVERS>\bb1090191570f745.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\2d99d] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%TEMP%\Jyyga\ugqee.exe'
- <SYSTEM32>\ctfmon.exe
- NtOpenThread, драйвер-обработчик: bb1090191570f745.sys
- NtOpenProcess, драйвер-обработчик: bb1090191570f745.sys
- <DRIVERS>\bb1090191570f745.sys
- %APPDATA%\fifoo.huy
- %TEMP%\Jyyga\ugqee.exe
- <DRIVERS>\2d99d.sys
- <DRIVERS>\2d99d.sys
- '37.##.41.161':2190
- '16#.#1.80.142':9272
- '19#.#34.52.206':9329
- '31.##.75.203':1704
- '65.##.206.250':3232
- '37.##3.28.115':3878
- '76.##.162.44':5877
- '21#.#7.147.155':7673
- '99.##.173.219':8302
- '75.#.220.146':2763
- '10#.#53.212.95':4808
- '23.##.42.224':2837
- ClassName: 'Indicator' WindowName: '(null)'