Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{D9B1D445-AEFE-5B83-BCB50F636B53C270}' = '%ALLUSERSPROFILE%\Application Data\wepizup.exe'
Изменения в файловой системе:
Создает следующие файлы:
- %ALLUSERSPROFILE%\Application Data\wepizup.exe
Присваивает атрибут 'скрытый' для следующих файлов:
- %ALLUSERSPROFILE%\Application Data\wepizup.exe
Сетевая активность:
Подключается к:
- '1.#.1.1':443
- '12#.#59.1.188':445
- '<LOCALNET>.0.160':445
- '<LOCALNET>.0.159':445
- '16#.#7.102.196':445
- '<LOCALNET>.0.158':445
- '11#.#07.87.70':445
- '<LOCALNET>.0.157':445
- '<LOCALNET>.0.156':445
- 'po##.#inexmr.com':4444
- '12#.#29.251.139':445
- '<LOCALNET>.0.155':445
- '<LOCALNET>.0.154':445
- '40.##6.46.14':445
- '<LOCALNET>.0.153':445
- '<LOCALNET>.0.152':445
- '19#.#22.49.250':445
- '<LOCALNET>.0.151':445
- '<LOCALNET>.0.150':445
- '22#.#44.168.240':445
- '<LOCALNET>.0.149':445
- '<LOCALNET>.0.148':445
- '21#.#2.231.141':445
- '<LOCALNET>.0.147':445
- '<LOCALNET>.0.161':445
- '<LOCALNET>.0.162':445
- '16#.#5.62.224':445
- '<LOCALNET>.0.163':445
- '15#.#1.184.203':445
- '<LOCALNET>.0.179':445
- '<LOCALNET>.0.178':445
- '<LOCALNET>.0.177':445
- '18#.#26.80.190':445
- '<LOCALNET>.0.176':445
- '21#.#11.74.252':445
- '<LOCALNET>.0.175':445
- '<LOCALNET>.0.174':445
- '<LOCALNET>.0.173':445
- '15#.#51.236.204':445
- '<LOCALNET>.0.171':445
- '<LOCALNET>.0.172':445
- '15#.#37.249.99':445
- '<LOCALNET>.0.170':445
- '<LOCALNET>.0.169':445
- '58.##.39.250':445
- '<LOCALNET>.0.168':445
- '<LOCALNET>.0.167':445
- '84.##8.149.222':445
- '<LOCALNET>.0.166':445
- '<LOCALNET>.0.165':445
- '16#.#34.67.190':445
- '<LOCALNET>.0.164':445
- '<LOCALNET>.0.180':445
- '<LOCALNET>.0.146':445
- '16#.#6.67.223':445
- '<LOCALNET>.0.145':445
- '46.##.147.243':445
- '13#.#3.24.117':445
- '94.##1.248.51':445
- '8.###.178.71':445
- '10#.#90.123.129':445
- '10#.#7.124.19':445
- '14#.#0.159.62':445
- '<LOCALNET>.0.137':445
- '20#.#6.71.119':445
- '20#.#99.75.101':445
- '69.##1.175.19':445
- '42.##3.96.62':445
- '<LOCALNET>.0.136':445
- '13#.#6.154.115':445
- '15#.#9.208.83':445
- '95.##0.96.250':445
- '21#.#4.225.215':445
- '<LOCALNET>.0.135':445
- '16#.#54.166.151':445
- '17#.#01.111.229':445
- '21#.#5.151.180':445
- '15#.#83.234.83':445
- '<LOCALNET>.0.134':445
- '15#.#31.84.26':445
- '11#.#07.224.163':445
- '58.##4.94.45':445
- '<LOCALNET>.0.138':445
- '<LOCALNET>.0.144':445
- '<LOCALNET>.0.143':445
- '10#.#17.186.124':445
- '<LOCALNET>.0.142':445
- '62.##7.228.86':445
- '65.##.39.185':445
- '18#.#6.241.193':445
- '<LOCALNET>.0.141':445
- '64.##.172.21':445
- '13.##9.47.132':445
- '49.#.43.51':445
- '21#.#45.224.224':445
- '53.##0.239.171':445
- '<LOCALNET>.0.140':445
- '41.##1.171.125':445
- '50.##8.238.142':445
- '53.##.27.200':445
- '14#.#.47.195':445
- '21#.#3.218.101':445
- '34.##4.177.128':445
- '<LOCALNET>.0.139':445
- '10#.#3.45.177':445
- '15#.#49.172.82':445
- '19#.#.157.59':445
- '98.##5.67.147':445
- '<LOCALNET>.0.181':445
- '57.##8.108.238':445
- '<LOCALNET>.0.182':445
- '<LOCALNET>.0.237':445
- '<LOCALNET>.0.236':445
- '13#.#92.228.25':445
- '<LOCALNET>.0.235':445
- '<LOCALNET>.0.234':445
- '14.##7.72.81':445
- '<LOCALNET>.0.233':445
- '<LOCALNET>.0.232':445
- '<LOCALNET>.0.231':445
- '<LOCALNET>.0.230':445
- '5.###.255.137':445
- '<LOCALNET>.0.228':445
- '<LOCALNET>.0.238':445
- '84.##6.183.3':445
- '<LOCALNET>.0.227':445
- '<LOCALNET>.0.226':445
- '50.##.102.186':445
- '<LOCALNET>.0.225':445
- '<LOCALNET>.0.224':445
- '<LOCALNET>.0.223':445
- '13#.#16.244.213':445
- '<LOCALNET>.0.222':445
- '14#.#4.4.152':445
- '<LOCALNET>.0.229':445
- '18#.#05.165.45':445
- '<LOCALNET>.0.239':445
- '10#.#5.226.207':445
- '15#.#69.133.167':445
- '<LOCALNET>.0.255':445
- '<LOCALNET>.0.254':445
- '35.##.58.255':445
- '<LOCALNET>.0.253':445
- '<LOCALNET>.0.252':445
- '8.##.55.82':445
- '<LOCALNET>.0.251':445
- '19#.#6.88.235':445
- '<LOCALNET>.0.250':445
- '<LOCALNET>.0.221':445
- '19#.#8.47.241':445
- '24.#.169.166':445
- '<LOCALNET>.0.247':445
- '<LOCALNET>.0.246':445
- '86.#.54.116':445
- '<LOCALNET>.0.245':445
- '<LOCALNET>.0.244':445
- '<LOCALNET>.0.243':445
- '20#.#06.55.49':445
- '<LOCALNET>.0.242':445
- '<LOCALNET>.0.241':445
- '<LOCALNET>.0.240':445
- '<LOCALNET>.0.248':445
- '70.##1.107.214':445
- '<LOCALNET>.0.220':445
- '21#.#13.241.65':445
- '<LOCALNET>.0.219':445
- '<LOCALNET>.0.190':445
- '<LOCALNET>.0.198':445
- '<LOCALNET>.0.197':445
- '19#.#2.68.235':445
- '<LOCALNET>.0.196':445
- '<LOCALNET>.0.195':445
- '19#.#37.57.241':445
- '<LOCALNET>.0.194':445
- '<LOCALNET>.0.193':445
- '11#.#63.82.232':445
- '<LOCALNET>.0.192':445
- '12#.#29.175.122':445
- '13#.#5.234.122':445
- '40.##.56.204':445
- '<LOCALNET>.0.189':445
- '82.##6.51.252':445
- '<LOCALNET>.0.188':445
- '<LOCALNET>.0.187':445
- '15#.#4.89.131':445
- '<LOCALNET>.0.186':445
- '<LOCALNET>.0.185':445
- '<LOCALNET>.0.184':445
- '16#.#22.17.221':445
- '<LOCALNET>.0.183':445
- '<LOCALNET>.0.191':445
- '<LOCALNET>.0.210':445
- '<LOCALNET>.0.200':445
- '<LOCALNET>.0.202':445
- '<LOCALNET>.0.201':445
- '<LOCALNET>.0.218':445
- '38.##0.53.37':445
- '<LOCALNET>.0.217':445
- '<LOCALNET>.0.216':445
- '<LOCALNET>.0.215':445
- '88.##8.231.188':445
- '<LOCALNET>.0.214':445
- '<LOCALNET>.0.213':445
- '10#.#44.231.230':445
- '<LOCALNET>.0.212':445
- '27.##7.8.252':445
- '<LOCALNET>.0.211':445
- '<LOCALNET>.0.199':445
- '<LOCALNET>.0.209':445
- '19#.#25.149.239':445
- '<LOCALNET>.0.208':445
- '<LOCALNET>.0.207':445
- '4.##.37.73':445
- '<LOCALNET>.0.206':445
- '<LOCALNET>.0.205':445
- '14#.#13.146.182':445
- '<LOCALNET>.0.204':445
- '<LOCALNET>.0.203':445
- '13#.#3.50.29':445
- '<LOCALNET>.0.249':445
- '11#.#15.186.171':445
- '5.###.141.183':445
- '17#.#18.60.9':445
- '<LOCALNET>.0.63':445
- '<LOCALNET>.0.62':445
- '10#.#1.31.122':445
- '<LOCALNET>.0.61':445
- '<LOCALNET>.0.60':445
- '<LOCALNET>.0.59':445
- '<LOCALNET>.0.58':445
- '<LOCALNET>.0.57':445
- '<LOCALNET>.0.56':445
- '<LOCALNET>.0.55':445
- '<LOCALNET>.0.54':445
- '<LOCALNET>.0.53':445
- '83.#46.81.5':445
- '<LOCALNET>.0.52':445
- '<LOCALNET>.0.51':445
- '<LOCALNET>.0.50':445
- '<LOCALNET>.0.49':445
- '<LOCALNET>.0.48':445
- '<LOCALNET>.0.47':445
- '12#.#22.106.217':445
- '<LOCALNET>.0.46':445
- '<LOCALNET>.0.45':445
- '<LOCALNET>.0.64':445
- '<LOCALNET>.0.65':445
- '14#.#4.57.100':445
- '<LOCALNET>.0.66':445
- '<LOCALNET>.0.87':445
- '<LOCALNET>.0.86':445
- '<LOCALNET>.0.85':445
- '71.##2.68.139':445
- '<LOCALNET>.0.84':445
- '<LOCALNET>.0.83':445
- '<LOCALNET>.0.82':445
- '<LOCALNET>.0.81':445
- '<LOCALNET>.0.80':445
- '<LOCALNET>.0.79':445
- '2.##.201.83':445
- '<LOCALNET>.0.77':445
- '<LOCALNET>.0.78':445
- '<LOCALNET>.0.76':445
- '<LOCALNET>.0.75':445
- '<LOCALNET>.0.74':445
- '<LOCALNET>.0.73':445
- '<LOCALNET>.0.72':445
- '<LOCALNET>.0.71':445
- '<LOCALNET>.0.70':445
- '<LOCALNET>.0.69':445
- '<LOCALNET>.0.68':445
- '<LOCALNET>.0.67':445
- '12#.#9.42.233':445
- '<LOCALNET>.0.88':445
- '<LOCALNET>.0.44':445
- '14#.#8.163.150':445
- '<LOCALNET>.0.43':445
- '<LOCALNET>.0.15':445
- '<LOCALNET>.0.14':445
- '<LOCALNET>.0.13':445
- '<LOCALNET>.0.12':445
- '<LOCALNET>.0.11':445
- '<LOCALNET>.0.10':445
- '<LOCALNET>.0.9':445
- '<LOCALNET>.0.8':445
- '<LOCALNET>.0.7':445
- '4.##.78.155':445
- '<LOCALNET>.0.6':445
- '<LOCALNET>.0.5':445
- '<LOCALNET>.0.4':445
- '<LOCALNET>.0.3':445
- '10#.#48.181.180':445
- '<LOCALNET_GATEWAY>':445
- '<LOCALNET>.0.0':445
- '18#.#5.218.127':445
- '14#.#85.96.5':445
- '77.##.214.158':445
- '95.##4.249.202':445
- '10#.#59.173.70':445
- '20#.#10.254.139':445
- '<LOCALNET>.0.16':445
- '<LOCALNET>.0.17':445
- '<LOCALNET>.0.18':445
- '<LOCALNET>.0.19':445
- '<LOCALNET>.0.41':445
- '<LOCALNET>.0.40':445
- '<LOCALNET>.0.39':445
- '<LOCALNET>.0.38':445
- '<LOCALNET>.0.37':445
- '<LOCALNET>.0.36':445
- '<LOCALNET>.0.35':445
- '75.#8.27.85':445
- '<LOCALNET>.0.34':445
- '<LOCALNET>.0.33':445
- '<LOCALNET>.0.32':445
- '<LOCALNET>.0.31':445
- '19#.#45.122.4':445
- '<LOCALNET>.0.30':445
- '<LOCALNET>.0.29':445
- '<LOCALNET>.0.28':445
- '<LOCALNET>.0.27':445
- '<LOCALNET>.0.26':445
- '<LOCALNET>.0.25':445
- '<LOCALNET>.0.24':445
- '<LOCALNET>.0.23':445
- '<LOCALNET>.0.22':445
- '<LOCALNET>.0.21':445
- '<LOCALNET>.0.20':445
- '<LOCALNET>.0.42':445
- '91.##0.143.157':445
- '21#.#8.18.226':445
- '<LOCALNET>.0.89':445
- '13#.#14.80.2':445
- '22#.#6.4.176':445
- '79.##0.174.90':445
- '90.##9.178.83':445
- '15#.#7.230.184':445
- '17#.#2.199.104':445
- '54.##6.177.115':445
- '<LOCALNET>.0.131':445
- '82.##6.160.29':445
- '20#.#1.153.57':445
- '19#.#50.218.1':445
- '21#.#0.24.70':445
- '43.##6.69.127':445
- '35.##.29.115':445
- '20#.#50.113.252':445
- '<LOCALNET>.0.130':445
- '36.##8.1.211':445
- '13#.#8.28.169':445
- '39.##3.86.88':445
- '82.##1.26.131':445
- '98.##4.64.110':445
- '16#.57.3.78':445
- '13#.#3.161.80':445
- '11#.#06.227.60':445
- '32.##2.207.7':445
- '12#.#22.127.190':445
- '18#.#16.244.141':445
- '18#.#36.30.20':445
- '13#.#37.160.41':445
- '90.##1.24.197':445
- '16#.#3.241.125':445
- '15#.#00.246.111':445
- '11#.#0.252.220':445
- '21#.#2.42.226':445
- '10#.#3.91.202':445
- '48.##7.127.189':445
- '<LOCALNET>.0.133':445
- '75.##.234.58':445
- '<LOCALNET>.0.132':445
- '50.##5.57.231':445
- '88.##.174.193':445
- '15#.#52.212.119':445
- '21#.#87.174.76':445
- '20#.#07.166.18':445
- '45.##7.58.26':445
- '16#.#7.209.192':445
- '15#.#99.19.167':445
- '21#.#71.148.6':445
- '21#.#.54.142':445
- '21#.#.134.166':445
- '45.##1.154.51':445
- '16#.#7.3.109':445
- '14#.#68.234.122':445
- '12#.#60.99.116':445
- '36.##.116.90':445
- '<LOCALNET>.0.100':445
- '<LOCALNET>.0.110':445
- '<LOCALNET>.0.109':445
- '97.##.18.144':445
- '<LOCALNET>.0.108':445
- '<LOCALNET>.0.107':445
- '<LOCALNET>.0.106':445
- '<LOCALNET>.0.105':445
- '<LOCALNET>.0.104':445
- '<LOCALNET>.0.103':445
- '<LOCALNET>.0.102':445
- '20#.#13.176.204':445
- '<LOCALNET>.0.112':445
- '<LOCALNET>.0.99':445
- '<LOCALNET>.0.98':445
- '<LOCALNET>.0.97':445
- '<LOCALNET>.0.96':445
- '90.##1.24.97':445
- '<LOCALNET>.0.95':445
- '<LOCALNET>.0.94':445
- '<LOCALNET>.0.93':445
- '<LOCALNET>.0.92':445
- '<LOCALNET>.0.91':445
- '<LOCALNET>.0.90':445
- '<LOCALNET>.0.101':445
- '18.##7.16.191':445
- '<LOCALNET>.0.113':445
- '<LOCALNET>.0.116':445
- '<LOCALNET>.0.114':445
- '<LOCALNET>.0.129':445
- '20#.#4.77.157':445
- '11#.#71.23.217':445
- '76.##.144.183':445
- '62.##6.106.222':445
- '19#.#81.234.207':445
- '14#.#84.237.231':445
- '69.#7.148.8':445
- '19#.#72.88.132':445
- '<LOCALNET>.0.128':445
- '<LOCALNET>.0.115':445
- '10#.#32.93.41':445
- '<LOCALNET>.0.111':445
- '<LOCALNET>.0.126':445
- '<LOCALNET>.0.125':445
- '<LOCALNET>.0.124':445
- '<LOCALNET>.0.123':445
- '<LOCALNET>.0.122':445
- '<LOCALNET>.0.121':445
- '<LOCALNET>.0.120':445
- '<LOCALNET>.0.119':445
- '<LOCALNET>.0.118':445
- '<LOCALNET>.0.117':445
- '<LOCALNET>.0.127':445
- '20#.#26.190.138':445
UDP:
- DNS ASK po##.#inexmr.com
Другое:
Создает и запускает на исполнение:
- '%ALLUSERSPROFILE%\Application Data\wepizup.exe'
