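Техническая информация
Примечание: символами «#» в IP-адресах и именах узлов ниже, по-видимому, скрыта часть знаков; такие записи не являются точными значениями и пригодны только для сопоставления по шаблону.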
- Автозапуск (закрепление в системе; значение запускается при входе пользователя): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SonyAgent' = '<Полный путь к вирусу>'
- '<SYSTEM32>\conhost.exe'
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_80070422_76a4385aa7fdcd3dc476f7ea51e8ea5565f02fd_0ad111cb\Report.wer
- <Полный путь к вирусу>
- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt
- '17#.#50.138.2':80
- 'localhost':49202
- 'localhost':49205
- 'localhost':49208
- '46.##9.162.39':80
- '92.##.102.149':80
- '77.#22.60.4':80
- 'localhost':49193
- 'localhost':49196
- 'localhost':49199
- '21#.#11.238.49':80
- '37.##9.104.20':80
- '91.#18.91.2':80
- '10#.#00.230.8':80
- '20#.#6.232.182':80
- '17#.#6.76.20':80
- 'localhost':49217
- 'localhost':49211
- '17#.#1.153.4':80
- '11#.#2.80.47':80
- '21#.#3.48.137':80
- 'localhost':49214
- '17#.#58.218.93':80
- 'localhost':49169
- 'localhost':49172
- 'localhost':49175
- '91.##2.145.19':80
- '19#.#07.132.19':80
- '93.#7.92.93':80
- 'localhost':49160
- 'localhost':49163
- 'localhost':49166
- '10#.#6.241.246':80
- 'localhost':49187
- '37.##9.87.161':80
- '93.#7.164.2':80
- '17#.#72.177.48':80
- 'localhost':49190
- 'localhost':49184
- 'localhost':49178
- '37.#7.52.99':80
- '91.##5.93.227':80
- '77.#7.29.52':80
- 'localhost':49181
- 91.##2.145.19/file.htm
- 17#.#6.76.20/start.htm
- 37.##9.104.20/main.htm
- 10#.#00.230.8/main.htm
- DNS ASK wa####.microsoft.com
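- '22#.0.0.252':5355 (порт 5355 и шаблон адреса соответствуют многоадресному разрешению имён LLMNR — вероятно, штатный трафик Windows, а не адрес управляющего сервера)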