Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ilda' = '"%APPDATA%\Tasai\ilda.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\76e157d3d1422e21] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\76e157d3d1422e21] 'ImagePath' = '<DRIVERS>\76e157d3d1422e21.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\2f236] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- '%APPDATA%\Tasai\ilda.exe'
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\cscript.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- NtOpenThread, драйвер-обработчик: unknown
- NtOpenProcess, драйвер-обработчик: unknown
- <DRIVERS>\76e157d3d1422e21.sys
- <LS_APPDATA>\aqfeef.zop
- <DRIVERS>\2f236.sys
- %APPDATA%\Tasai\ilda.exe
- %TEMP%\MOQ526F.bat
- <DRIVERS>\2f236.sys
- '70.##.226.202':4422
- '17#.#45.217.122':2943
- '81.##9.88.233':2879
- '50.##9.168.36':4997
- '20#.#05.226.130':4322
- '1.###.64.211':3670
- '12#.#02.71.137':1193
- '27.##.110.77':5235
- '20#.#51.45.31':1978
- '85.#00.41.9':8835
- '11#.#26.143.176':9551
- '13#.#36.98.115':1372
- '61.#8.200.5':3397
- '11#.#37.62.27':8468
- '86.##5.39.241':1075
- '60.#44.81.6':6006
- '11#.#72.162.34':7972
- ClassName: 'Indicator' WindowName: '(null)'