Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11082' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25227' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21016' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2817' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28746' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19836' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '456' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23556' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32622' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18588' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7829' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5112' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9322' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5335' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15002' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16386' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32534' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32422' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14780' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9099' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18767' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28435' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22754' = '<Полный путь к вирусу>'
Вредоносные функции:
Для обхода брандмауэра удаляет или модифицирует следующие ключи реестра:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Создает и запускает на исполнение:
- C:\lsass.exe exe <Полный путь к вирусу>
Изменения в файловой системе:
Создает следующие файлы:
- C:\lsass.exe
Сетевая активность:
Подключается к:
- '41.##0.11.88':3128
- '58.#48.5.2':3128
- '95.##.131.119':3128
- '21#.#35.175.244':3128
- '14#.#27.180.200':3128
- '89.##5.21.229':3128
- '95.##6.195.246':3128
- '22#.#65.120.116':3128
- '20#.#37.228.52':3128
- '11#.#10.166.163':3128
- '88.##3.125.206':3128
- '19#.#17.50.8':3128
- '22#.#65.9.203':3128
- '20#.#09.60.66':3128
- '19#.#06.184.63':3128
- '22#.#04.2.156':3128
- '95.##.128.175':3128
- '12#.#04.17.18':3128
- '93.##4.80.225':3128
- '95.##.154.46':3128
- '22#.#52.0.163':3128
- '20#.#1.51.74':3128
- '18#.#9.68.85':3128
- '11#.#7.9.125':3128
- '88.##5.71.68':3128
- '83.##5.1.131':3128
- '12#.#43.239.200':3128
- '95.##.169.67':3128
- '89.##8.93.24':3128
- '89.##2.145.50':3128
- '89.##5.26.221':3128
- '21#.#58.95.136':3128
- '22#.#9.252.37':3128
- '87.##8.19.66':3128
- '88.##3.179.180':3128
- '81.##6.224.25':3128
- '12#.#57.20.183':3128
- '59.##.128.180':3128
- '11#.#93.46.246':3128
- '14#.#23.168.168':3128
- '12#.#68.61.254':3128
- '20#.#6.171.5':3128
- '21#.#2.242.130':3128
- '11#.#9.179.121':3128
- '59.##.228.138':3128
- '19#.#6.84.58':3128
- '82.##1.37.107':3128
- '19#.#48.146.122':3128
- '19#.#4.164.157':3128
- '12#.#31.186.81':3128
- '20#.#77.215.190':3128
- '82.##2.103.247':3128
- '11#.#17.227.164':3128
- '11#.#1.227.148':3128
- '12#.#33.206.123':3128
- '18#.#58.3.133':3128
- '59.##1.64.115':3128
- '85.##5.205.250':3128
- '82.##9.181.50':3128
- '11#.#17.186.231':3128
- '11#.#55.3.189':3128
- '59.##3.155.205':3128
- '19#.#48.35.199':3128
- '89.##.88.140':3128
- '20#.#66.18.32':3128
- '12#.#2.55.239':3128
- '20#.#08.151.226':3128
- '21#.#50.170.26':3128
- '14#.#15.73.142':3128
- '61.##.240.63':3128
- '89.##5.23.181':3128
- '12#.#31.186.241':3128
- '82.##6.163.238':3128
- '89.##8.102.246':3128
- '11#.#05.144.151':3128
- '21#.#74.143.206':3128
- '83.##0.228.151':3128
- '83.##.81.250':3128
- '59.#4.74.7':3128
- '19#.#78.102.65':3128
- '21#.#4.68.214':3128
- '61.#.20.9':3128
- '21#.#5.80.208':3128
- '11#.#41.40.164':3128
- '89.##5.44.119':3128
- '19#.#69.218.149':3128
- '93.##.14.187':3128
- '19#.0.69.33':3128
- '95.##6.131.174':3128
- '95.##6.129.220':3128
- '85.##7.57.116':3128
- '14#.#20.85.105':3128
- '19#.#46.106.12':3128
- '12#.#42.82.246':3128
- '19#.#17.61.104':3128
- '19#.#.147.59':3128
- '82.##5.60.11':3128
- '79.#.186.199':3128
- '18#.#58.3.100':3128
- '89.##5.16.143':3128
- '21#.#18.109.50':6667
- '81.##.224.52':3128
- '20#.68.50.2':3128
- '82.##7.100.20':3128
- '59.#8.192.9':3128
- '95.##.150.109':3128
- '16#.#6.228.56':3128
- '11#.#32.246.128':3128
- '83.##6.143.132':3128
- '11#.#34.29.177':3128
- '88.##0.143.38':3128
- '59.##1.100.191':3128
- '11#.#98.89.132':3128
- '18#.#58.11.246':3128
- '19#.#78.114.229':3128
- '89.##5.10.162':3128
- '18#.#5.159.151':3128
- '19#.#17.203.6':3128
- '89.##5.246.91':3128
- '14#.#24.5.127':3128
- '20#.#54.245.125':3128
- '89.##2.110.12':3128
- '19#.#06.186.17':3128
- '11#.#97.4.42':3128
- '18#.#58.11.113':3128
- '12#.#60.167.200':3128
- '82.##9.127.108':3128
- '95.##.181.210':3128
- '20#.#67.215.225':3128
- '89.##5.21.236':3128
- '13#.#32.249.191':3128
- '85.##.185.143':3128
- '20#.#03.160.98':3128
- '19#.#17.97.218':3128
- '94.##9.185.44':3128
- '88.##6.79.53':3128
- '95.##.184.217':3128
- '14#.#17.69.132':3128
- '16#.#46.210.174':3128
- '59.#5.21.75':3128
- '41.##0.18.235':3128
- '95.##6.209.146':3128
- '21#.#16.162.1':3128
- '89.##5.11.156':3128
- '19#.#48.146.31':3128
- '41.##1.165.132':3128
- '11#.47.8.40':3128
- '81.##1.192.103':3128
- '21#.#4.213.104':3128
- '41.##0.163.21':3128
- '89.##5.8.208':3128
- '11#.#34.29.93':3128
- '21#.#29.158.83':3128
- '86.##5.240.217':3128
- '93.##3.67.210':3128
- '24.##.62.190':3128
- '86.##.112.93':3128
- '24.##2.201.196':3128
- '78.##4.134.7':3128
- '19#.#.103.42':3128
- '11#.#4.24.192':3128
- '19#.#33.137.187':3128
- '11#.#58.95.112':3128
- '59.##.18.183':3128
- '86.##.125.152':3128
- '19#.#17.51.210':3128
- '22#.#41.102.175':3128
- '11#.#92.139.154':3128
- '59.##.210.80':3128
- '22#.#18.110.238':3128
- '19#.#17.25.99':3128
- '12#.#68.217.244':3128
- '61.#7.38.28':3128
- '22#.#0.47.136':3128
- '89.##3.203.165':3128
- '95.##.133.222':3128
- '19#.#07.115.91':3128
- '19#.#48.69.120':3128
- '11#.#34.29.91':3128
- '12#.#45.92.210':3128
- '59.##.190.60':3128
- '41.##3.25.20':3128
- '85.##0.242.90':3128
- '11#.#4.131.59':3128
- '88.##5.164.219':3128
- '85.#1.153.1':3128
- '20#.#53.206.21':3128
- '11#.#34.30.64':3128
- '41.##0.158.38':3128
- '81.##.192.93':3128
- '61.##.110.22':3128
- '82.##8.148.6':3128
- '20#.#34.18.157':3128
- '21#.#0.232.183':3128
- '19#.#41.169.8':3128
- '81.##.224.236':3128
- '11#.#34.28.12':3128
- '11#.#41.40.19':3128
- '78.##.185.170':3128
- '11#.#02.184.240':3128
- '59.##8.61.156':3128
- '62.##3.38.134':3128
- '67.##0.65.27':3128
- '19#.#05.222.20':3128
- '15#.#07.61.35':3128
- '95.##6.163.128':3128
- '85.##7.158.138':3128
- '18#.#27.129.97':3128
- '91.##2.146.35':3128
- '19#.#17.139.53':3128
- '10#.#4.130.190':3128
- '11#.#58.92.75':3128
- '11#.#4.55.66':3128
- '21#.#28.216.119':3128
- '18#.#58.10.6':3128
- '89.##7.75.85':3128
- '19#.#78.73.114':3128
- '59.##8.153.121':3128
- '20#.#3.233.211':3128
- '11#.#17.231.109':3128
- '89.##5.15.183':3128
- '78.##.124.174':3128
- '12#.#36.22.172':3128
- '11#.#55.69.23':3128
- '11#.40.1.13':3128
- '21#.#11.228.71':3128
- '12#.#68.7.25':3128
- '59.##.200.52':3128
- '19#.#17.100.239':3128
- '21#.#42.212.31':3128
- '21#.#0.226.48':3128
- '41.##4.158.76':3128
- '12#.#68.4.96':3128
- '88.##5.169.190':3128
- '12#.#68.99.211':3128
- '11#.#33.65.99':3128
- '12#.#45.119.109':3128
- '77.##.176.147':3128
- '19#.#19.167.114':3128
- '11#.#7.248.5':3128
- '11#.#92.139.142':3128
- '14#.#08.141.130':3128
- '20#.#49.82.184':3128
- '19#.#17.45.181':3128
- '89.##5.21.227':3128
- '93.##3.194.136':3128
- '95.##.132.212':3128
- '11#.#34.30.140':3128
- '18#.#93.208.52':3128
- '10.#.1.254':3128
- '11#.#7.20.143':3128
- '11#.#59.83.95':3128
- '89.##3.148.31':3128
- '11#.#7.108.140':3128
- '11#.#7.7.151':3128
- '22#.#21.70.244':3128
- '95.##6.132.79':3128
- '60.##.129.136':3128
- '11#.#86.29.18':3128
- '11#.#41.40.47':3128
- '20#.#0.29.245':3128
- '77.##.173.135':3128
- '11#.#2.199.225':3128
- '81.##.115.138':3128
- '77.##0.218.213':3128
- '12#.#23.155.167':3128
- '20#.#7.198.45':3128
- '11#.#97.4.136':3128
- '41.##0.10.155':3128
- '58.#8.34.59':3128
- '95.##.139.191':3128
- '95.##6.131.89':3128
- '12#.#3.105.87':3128
- '89.##3.142.181':3128
- '82.##2.0.141':3128
- '12#.#68.30.220':3128
- '21#.#1.195.185':3128
- '11#.#7.9.198':3128
- '12#.#68.213.133':3128
- '11#.#34.137.115':3128
- '20#.#60.148.167':3128
- '88.##8.204.30':3128
- '82.##3.221.63':3128
- '95.##.157.15':3128
- '19#.#48.39.73':3128
- '83.#6.84.5':3128
- '19#.#33.141.53':3128
- '93.##4.201.226':3128
- '18#.#6.72.22':3128
- '22#.#65.120.91':3128
- '21#.#07.204.205':3128
- '59.##.40.186':3128
- '21#.#09.162.104':3128
- '18#.#58.8.190':3128
- '11#.#59.81.154':3128
- '20#.#0.121.199':3128
- '18#.#2.97.32':3128
- '78.##9.201.238':3128
- '22#.#65.120.96':3128
- '11#.#62.187.58':3128
- '11#.#98.167.99':3128
Другое:
Ищет следующие окна:
- ClassName: 'Indicator' WindowName: ''
