Техническая информация
Для обеспечения автозапуска и распространения
Создает или изменяет следующие файлы
- %APPDATA%\microsoft\windows\start menu\programs\startup\ejjgsytml.exe
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\s.bat
- %TEMP%\<Имя файла>.exe.pid
Сетевая активность
Подключается к
- 'pi#####webdesign.com':80
- 'ca###momo.cl':443
TCP
Запросы HTTP GET
- http://91.###.118.79:3689/bots/knock?wo###################################### via 91.##0.118.79
- http://www.fi########ouchconstructionllc.com/wordpress/wp-login.php
- http://ky##.org/wp-login.php
- http://fr##ert.de/wp-login.php
- http://li###earth.com/wp-login.php
- http://yo####agutierrez.co/wp-login.php
- http://be####dergill.com/wp-login.php
- http://st#####urg-fashion.com/wp-login.php
- http://fa###window.com/wp-login.php
- http://th#####ervoyager.com/wp-login.php
- http://by###bara.com/wp-login.php
- http://sl###anca.pl/wp-login.php
- http://it####dbusiness.com/wp-login.php
- http://re####raphics.co.uk/wp-login.php
- http://gu##dena.pl/wp-login.php
- http://fo#####noflifephc.org/wp-login.php
- http://da##ly.com/wp-login.php
- http://jc###mier.com/wp-login.php
- http://kh###khab.com/wp-login.php
- http://md####hnology.net/wp-login.php
- http://ma######etronceverte.com/wp-login.php
- http://ma###ybotca.com/wp-login.php
- http://li#####weethearts.co.nz/wp-login.php
- http://au#####mancaribe.com/wp-login.php
- http://www.al#####eachhouse.com/wp-login.php
- http://ti####hysique.nl/wp-login.php
- http://ad###lyali.com/wp-login.php
- http://ja####ckjunkie.com/wp-login.php
- http://sa######oductsonline.co.uk/wp-login.php
- http://ab##.co.za/wp-login.php
- http://lo####orts.com.br/wp-login.php
- http://sa###urltd.com/wp-login.php
- http://ko##kie.biz/wp-login.php
- http://ji#####emembership.in/wp-login.php
- http://na######en-kork-ramic.de/wp-login.php
- http://be#####mebrewclub.org/wp-login.php
- http://www.le##uto.vn/88/wp-login.php
- http://br###paris.fr/wp-login.php
- http://ba######arcelonaonfoot.com/wp-login.php
- http://www.ma#####untypress.com/wp-login.php
- http://mo#####illegives.org/wp-login.php
- http://da###smacs.com/wp-login.php
- http://ma#####ringfield.com/wp-login.php
- http://ah####morchids.com/wp-login.php
- http://ct####repacheco.es/wp-login.php
- http://di####larteries.com/wp-login.php
- http://le#####t-beverstedt.de/wp-login.php
- http://pa#######hopramsbottom.co.uk/wp-login.php
- http://ae###urkina.org/wp-login.php
- http://ma##its.nl/wp-login.php
- http://ch#####icristoinpisa.it/wp-login.php
- http://to##df.ir/wp-login.php
- http://el####uildersco.com/wp-login.php
- http://st#####chaseclay.com/wp-login.php
- http://em###onalsex.ca/wp-login.php
- http://xn######hbrieirm.xn--p1ai/wp-login.php
- http://lo###tieres.fr/wp-login.php
- http://de######lacecaterers.com/wp-login.php
- http://ta####marketing.dk/wp-login.php
- http://rh####icgaze.com/wp-login.php
- http://91.###.118.79:3689/gw?wo##### via 91.##0.118.79
- http://91.###.118.79:3689/gw?wo########## via 91.##0.118.79
- http://91.###.118.79:3689/bots/chkVersion?cu#################### via 91.##0.118.79
- http://91.###.118.79:3689/project/active via 91.##0.118.79
- http://ma####onstruct.ro/wp-login.php
- http://www.be######tageinverness.co.uk/wp-login.php
- http://su###ris.com/wp-login.php
- http://so####edecor.com/wp-login.php
- http://po######thproductions.com/wp-login.php
- http://co###iddles.com/wp-login.php
- http://www.vi#####ttiamerighi.com/wp-login.php
- http://my####hineshop.com/wp-login.php
- http://an####assage.com/wp-login.php
- http://xx##ode.com/wp-login.php
- http://bu####erzerkalo.org/wp-login.php
- http://es#####eijaflor.com.br/wp-login.php
- http://mi##ose.com/wp-login.php
- http://do###spub.ca/wp-login.php
- http://ch#####anaherbert.com/wp-login.php
- http://pe#####tertrinidad.com/wp-login.php
- http://ar##pe.com/wp-login.php
- http://ta#####ssibility.com/wp-login.php
- http://cl#######terinariaelcastell.com/wp-login.php
- http://av######.unitedsoccerstars.com/wp-login.php
- http://ow####onnorri.com/wp-login.php
- http://ni##.photo/wp-login.php
- http://al###ideo.lv/wp-login.php
- http://ki######nternational.org/wp-login.php
- http://sc#####schnackschatz.de/wp-login.php
Запросы HTTP POST
- http://ta####marketing.dk/wp-login.php
- http://ma####onstruct.ro/wp-login.php
- http://rh####icgaze.com/wp-login.php
- http://so####edecor.com/wp-login.php
- http://mi##ose.com/wp-login.php
- http://www.be######tageinverness.co.uk/wp-login.php
- http://ma#####ringfield.com/wp-login.php
- http://al###ideo.lv/wp-login.php
- http://ma##its.nl/wp-login.php
- http://to##df.ir/wp-login.php
- http://co###iddles.com/wp-login.php
- http://gu##dena.pl/wp-login.php
UDP
- DNS ASK me#######klassiekerservice.nl
- DNS ASK bu####erzerkalo.org
- DNS ASK ro####catering.com
- DNS ASK co###iddles.com
- DNS ASK ma###ybotca.com
- DNS ASK me####chicago.com
- DNS ASK ma#####untypress.com
- DNS ASK ct####repacheco.es
- DNS ASK mo#####illegives.org
- DNS ASK fi########ouchconstructionllc.com
- DNS ASK by###bara.com
- DNS ASK sa####rassard.com
- DNS ASK ou####rsports.dk
- DNS ASK ji#####emembership.in
- DNS ASK da###lite.nl
- DNS ASK da###smacs.com
- DNS ASK ro######ntsportscomplex.com
- DNS ASK be#####mebrewclub.org
- DNS ASK nh#####ctienhanh.com
- DNS ASK ba######arcelonaonfoot.com
- DNS ASK co###ry-h.co.jp
- DNS ASK ed###ger.com
- DNS ASK ta####marketing.dk
- DNS ASK le#####t-beverstedt.de
- DNS ASK oz####security.com
- DNS ASK de####homesiowa.com
- DNS ASK lo####orts.com.br
- DNS ASK de######lacecaterers.com
- DNS ASK be######tageinverness.co.uk
- DNS ASK al###ideo.lv
- DNS ASK ye####lektrik.com
- DNS ASK ja##x.nl
- DNS ASK ma######etronceverte.com
- DNS ASK st#####chaseclay.com
- DNS ASK rh####icgaze.com
- DNS ASK co##day.rs
- DNS ASK au######olsknoxville.com
- DNS ASK sl###anca.pl
- DNS ASK le##uto.vn
- DNS ASK ki###poux.com
- DNS ASK ma####onstruct.ro
- DNS ASK sa#####advocacia.com
- DNS ASK po######thproductions.com
- DNS ASK ni###itzer.com
- DNS ASK da###putter.org
- DNS ASK ab##.co.za
- DNS ASK ni######otorg.wordpress.com
- DNS ASK lo###tieres.fr
- DNS ASK ph######ssik-akademie.de
- DNS ASK ko##kie.biz
- DNS ASK hz##hz.com
- DNS ASK ch####clesofoz.com
- DNS ASK al####anehair.com
- DNS ASK th###ban.org
- DNS ASK ne####veyors.com
- DNS ASK wy#####szczecinek.pl
- DNS ASK de###ierinc.com
- DNS ASK li#####-peterborough.ca
- DNS ASK ec###novar.es
- DNS ASK la###rybag.us
- DNS ASK my####hineshop.com
- DNS ASK gc##.net.au
- DNS ASK gy###eksos.hu
- DNS ASK ie####rkeycs.org
- DNS ASK st###-design.de
- DNS ASK bo##andt.dk
- DNS ASK cl#####gbusiness.com
- DNS ASK fa###gazine.com
- DNS ASK re####basket.com
- DNS ASK kl#.org
- DNS ASK pr####hopksa.com
- DNS ASK mi###verse.de
- DNS ASK co####camera.com
- DNS ASK po#####hicpursuits.com
- DNS ASK br###paris.fr
- DNS ASK sm#####onecenter.com.mx
- DNS ASK a1##t.cz
- DNS ASK ah####morchids.com
- DNS ASK ca###momo.cl
- DNS ASK ad###lyali.com
- DNS ASK sa######oductsonline.co.uk
- DNS ASK ch#######championscircle.com
- DNS ASK mi###polis.org
- DNS ASK ps#######hone-readings-live.com
- DNS ASK ti####hysique.nl
- DNS ASK st###songs.com
- DNS ASK gl####dgoszczy.pl
- DNS ASK pl####ntspaving.com
- DNS ASK bu#####resources.com
- DNS ASK xn#####u8e6tc3o20y.com
- DNS ASK cu##us.es
- DNS ASK ac###lno24.ru
- DNS ASK re##i.bzh
- DNS ASK bl###nwater.com
- DNS ASK pr#####sannehotel.com
- DNS ASK sc#####schnackschatz.de
- DNS ASK bi###canica.cl
- DNS ASK au#####mancaribe.com
- DNS ASK pa#######hopramsbottom.co.uk
- DNS ASK f-#m.de
- DNS ASK ma######sindiangrill.com
- DNS ASK ma##its.nl
- DNS ASK pe#####tertrinidad.com
- DNS ASK ch#####icristoinpisa.it
- DNS ASK di####larteries.com
- DNS ASK fr####omitaly.co.uk
- DNS ASK di#####ciaindigena.com
- DNS ASK ar##pe.com
- DNS ASK ak####ohamed.com
- DNS ASK go###igger.com
- DNS ASK cl#######terinariaelcastell.com
- DNS ASK md####hnology.net
- DNS ASK or######icologiumbria.it
- DNS ASK fa###window.com
- DNS ASK an########vicesandmaintenance.com
- DNS ASK be####dergill.com
- DNS ASK do##eads.de
- DNS ASK vi#####ttiamerighi.com
- DNS ASK xx##ode.com
- DNS ASK ha##life.co
- DNS ASK st####entmow.org
- DNS ASK su###iya.com
- DNS ASK fi#####nderclover.com
- DNS ASK bc###orters.com
- DNS ASK bl#####ainbearish.com
- DNS ASK li#####weethearts.co.nz
- DNS ASK cl####odevelop.com
- DNS ASK tt##ax.nl
- DNS ASK ea###cheeky.com
- DNS ASK sn###bonne.com
- DNS ASK av######.unitedsoccerstars.com
- DNS ASK ow####onnorri.com
- DNS ASK wo####petasse.com
- DNS ASK fo###ecamp.ca
- DNS ASK li##cco.de
- DNS ASK xn######hbrieirm.xn--p1ai
- DNS ASK ki##team.ru
- DNS ASK sa###urltd.com
- DNS ASK es##r.it
- DNS ASK na######en-kork-ramic.de
- DNS ASK ni##.photo
- DNS ASK ro####orecillas.com
- DNS ASK fr##ert.de
- DNS ASK yo####agutierrez.co
- DNS ASK ch###smx.com
- DNS ASK li######braces-london.co.uk
- DNS ASK ge###islimo.biz
- DNS ASK ne####erkings.com
- DNS ASK ta#####ssibility.com
- DNS ASK no######ntryamericaninn.com
- DNS ASK em###onalsex.ca
- DNS ASK na###salon.co
- DNS ASK mi##ose.com
- DNS ASK ky##.org
- DNS ASK da##ly.com
- DNS ASK su###ris.com
- DNS ASK jc###mier.com
- DNS ASK ca#####avidez.com.br
- DNS ASK al#####eachhouse.com
- DNS ASK so####edecor.com
- DNS ASK kh###khab.com
- DNS ASK lu####cheseite.de
- DNS ASK fi#####oicegenetics.ca
- DNS ASK mo#####usereviews.com
- DNS ASK gu##dena.pl
- DNS ASK ch#####anaherbert.com
- DNS ASK ma#####ringfield.com
- DNS ASK it####dbusiness.com
- DNS ASK an####assage.com
- DNS ASK ae###urkina.org
- DNS ASK ad####ecashpro.com
- DNS ASK re####raphics.co.uk
- DNS ASK ar########ivate-investigators.com
- DNS ASK el####uildersco.com
- DNS ASK ap#######servicelasvegas.com
- DNS ASK th#####ervoyager.com
- DNS ASK te##tv.gr
- DNS ASK to##df.ir
- DNS ASK li###earth.com
- DNS ASK bw##.com.au
- DNS ASK co###nland.fi
- DNS ASK qu###page.fr
- DNS ASK pp##.net
- DNS ASK se###nline.com
- DNS ASK es#####eijaflor.com.br
- DNS ASK ra##arc.com
- DNS ASK pi#####webdesign.com
- DNS ASK fo#####noflifephc.org
- DNS ASK em#####resnikoff.com
- DNS ASK we####line.co.nz
- DNS ASK ki######nternational.org
- DNS ASK do###spub.ca
- DNS ASK st#####urg-fashion.com
- DNS ASK ma##etv.it
- DNS ASK si###pse.com
- DNS ASK li#####ernatifsbobet.us
- DNS ASK ja####ckjunkie.com
- DNS ASK st###dasinfo.nl
- DNS ASK ad##biz.dk
- DNS ASK wh#####arrelgifts.scot
Другое
Создает и запускает на исполнение
- '%WINDIR%\syswow64\cmd.exe' /Q /C %LOCALAPPDATA%\Temp/s.bat' (со скрытым окном)
Запускает на исполнение
- '%WINDIR%\syswow64\cmd.exe' /Q /C %LOCALAPPDATA%\Temp/s.bat
