Техническая информация
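- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SonyAgent' = '<Полный путь к вирусу>' (ключ автозапуска: записанный файл запускается при входе любого пользователя в систему; параметр 'SonyAgent' в этом ключе можно использовать как индикатор при проверке узлов)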
- '<SYSTEM32>\conhost.exe' (штатный консольный хост Windows; сам по себе этот путь индикатором заражения не является)
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_80070422_76a4385aa7fdcd3dc476f7ea51e8ea5565f02fd_0ad10ecf\Report.wer
- <Полный путь к вирусу>
- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt
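- '31.##3.55.37':80 (здесь и далее символами # скрыта часть адреса, поэтому без исходного отчёта эти записи не годятся как точные IP-индикаторы)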
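- 'localhost':49202 (записи 'localhost' здесь и далее — локальные (loopback) соединения; порты взяты из динамического диапазона и, как правило, меняются от запуска к запуску, поэтому для сетевых блокировок и сигнатур они не подходят)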
- 'localhost':49205
- 'localhost':49208
- '17#.8.1.70':80
- '31.##0.142.105':80
- '46.##9.187.244':80
- 'localhost':49193
- 'localhost':49196
- 'localhost':49199
- '19#.#49.114.35':80
- '17#.8.84.66':80
- '17#.#08.97.19':80
- '5.###.188.32':80
- '20#.#6.232.182':80
- '77.##2.198.58':80
- 'localhost':49217
- 'localhost':49211
- '12#.#40.242.19':80
- '83.##8.231.75':80
- '95.##.174.170':80
- 'localhost':49214
- '21#.75.17.4':80
- 'localhost':49169
- 'localhost':49172
- 'localhost':49175
- '21#.#6.47.45':80
- '10#.#7.133.43':80
- '21#.#22.233.98':80
- 'localhost':49160
- 'localhost':49163
- 'localhost':49166
- '46.##4.184.3':80
- 'localhost':49187
- '19#.#11.211.14':80
- '15#.#24.5.44':80
- '18#.#54.155.117':80
- 'localhost':49190
- 'localhost':49184
- 'localhost':49178
- '93.##5.19.122':80
- '46.##.182.10':80
- '17#.#11.184.41':80
- 'localhost':49181
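- 5.###.188.32/install.htm (узлы в этом и трёх следующих запросах совпадают с адресами из списка соединений на порт 80 выше; судя по порту, это HTTP-обращения напрямую к IP-адресу, и в журналах прокси их удобно искать по сочетанию адреса без доменного имени и путей install.htm, start.htm, home.htm, login.htm)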
- 77.##2.198.58/start.htm
- 17#.8.84.66/home.htm
- 19#.#11.211.14/login.htm
- DNS ASK wa####.microsoft.com
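- '22#.0.0.252':5355 (порт 5355 используется протоколом LLMNR — штатным разрешением имён Windows в локальной сети; вероятно, это фоновая активность системы, а не самого образца)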