Техническая информация
Вредоносные функции
Запускает большое число процессов
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\781b.tmp\782c.tmp\783d.bat
- nul
- C:\temp\oldwallpaper.txt
- %TEMP%\etilqs_oghqr0oxubc1skj
- %TEMP%\etilqs_q94gyiuovpaaesk
- %TEMP%\etilqs_vlzhelg5uwwfipq
- %TEMP%\etilqs_wwwd0jp40m21g08
- %TEMP%\etilqs_9fxewg220olvyki
- %TEMP%\etilqs_2e5h3xaqeynfed4
- %TEMP%\etilqs_zwkmhoeqfmd2arn
- %TEMP%\etilqs_pz1wltwglsfhmyk
- %TEMP%\etilqs_lvjdryfbqldkv2q
Сетевая активность
Подключается к
- 'au######te.geo.opera.com':80
- 'au######te.geo.opera.com':443
- 'google.com':80
- 'se####.yahoo.com':80
- 'du###uckgo.com':443
- 'bing.com':80
- 'am##on.com':80
- 'am##on.com':443
- 'se####.yahoo.com':443
- 'en.###ipedia.org':80
- 'en.###ipedia.org':443
- 're###.opera.com':80
- 'si#####ck2.opera.com':80
TCP
Запросы HTTP GET
- http://au######te.geo.opera.com/geolocation/
- http://www.google.com/favicon.ico
- http://se####.yahoo.com/favicon.ico
- http://www.am##on.com/favicon.ico
- http://www.bing.com/s/a/bing_p.ico
- http://en.###ipedia.org/favicon.ico
- http://re###.opera.com/www.opera.com/firstrun/
- http://si#####ck2.opera.com/?ho###################################################
Другие
- 'au######te.geo.opera.com':443
- 'du###uckgo.com':443
- 'am##on.com':443
- 'se####.yahoo.com':443
- 'en.###ipedia.org':443
UDP
- DNS ASK google.com
- DNS ASK au######te.geo.opera.com
- DNS ASK se####.yahoo.com
- DNS ASK du###uckgo.com
- DNS ASK bing.com
- DNS ASK am##on.com
- DNS ASK bi##.#ikimedia.org
- DNS ASK en.###ipedia.org
- DNS ASK re###.opera.com
- DNS ASK si#####ck2.opera.com
Другое
Ищет следующие окна
- ClassName: 'Progman' WindowName: ''
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Opera Software\Opera Stable'
Запускает на исполнение
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\781B.tmp\782C.tmp\783D.bat <Полный путь к файлу>"
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download /crash-reporter-parent-id=2348
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/ /crash-reporter-parent-id=4624
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="4260.0.846239989\130325356" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1088.12.1371696528\1457458846" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1088.11.1785309832\1658791310" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1088.10.962166809\1347734298" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1088.9.533167791\430162615" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401 /crash-reporter-parent-id=4904
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1088.8.568909827\225163492" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1088.7.126432487\1855266924" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="3632.0.164424583\1741040651" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1088.6.413451863\704663865" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1088.5.1785022101\1941920865" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' --type=utility --channel="1088.4.2034127075\991147982" --lang=en-US --no-sandbox --enable-proprietary-media-types-playback /prefetch:-645351001 /crash-reporter-parent-id=4488
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1088.4.2034127075\991147982" --lang=en-US --no-sandbox --enable-proprietary-media-types-playback /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="352.0.1105067425\1912546776" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download /crash-reporter-parent-id=4260
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=en-US --enable-proprietary-media-types-playback --extension-process --enable-we...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/ /crash-reporter-parent-id=3632
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1088.13.976832206\387224506" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="4904.0.1164782620\924017989" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401 /crash-reporter-parent-id=3916
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="4624.0.1702960247\1373927123" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gp...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/ /crash-reporter-parent-id=3352
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="1280.0.614488373\1155673328" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401 /crash-reporter-parent-id=4892
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="888.0.1443277554\776956417" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="1156.0.1245601630\870073941" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download /crash-reporter-parent-id=1280
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/ /crash-reporter-parent-id=888
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="4024.0.611196181\1183955236" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401 /crash-reporter-parent-id=1156
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="3496.0.807720298\365674120" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="3484.0.569976422\543759932" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download /crash-reporter-parent-id=4024
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/ /crash-reporter-parent-id=3484
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="4072.0.164604905\1334929277" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401 /crash-reporter-parent-id=3496
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="3828.0.1969575259\1507831200" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gp...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="3916.0.271624042\510934875" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download /crash-reporter-parent-id=4072
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="2348.0.76734523\692708625" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-d...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/ /crash-reporter-parent-id=3828
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download /crash-reporter-parent-id=4272
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=en-US --enable-proprietary-media-types-playback --disable-client-side-phishing-...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="3404.0.1740935569\1433762802" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gp...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="3368.0.1279573961\725518301" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401
- '%ProgramFiles(x86)%\opera\launcher.exe' -noautoupdate -- "http://moiprogrammy.net/avg-antivirus-free-download"
- '%ProgramFiles(x86)%\opera\launcher.exe' -noautoupdate -- "https://www.apponic.com/s/bitdefender-antivirus-2010/"
- '%ProgramFiles(x86)%\opera\launcher.exe' -noautoupdate -- "https://www.comss.ru/page.php?id=401"
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\taskmgr.exe'
- '<SYSTEM32>\calc.exe'
- '%ProgramFiles%\windows nt\accessories\wordpad.exe'
- '<SYSTEM32>\xcopy.exe' "wenomechainsama.bat" "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
- '<SYSTEM32>\rundll32.exe' user32.dll,UpdatePerUserSystemParameters
- '<SYSTEM32>\reg.exe' add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "c:\somewhere\something.bmp" /f
- '<SYSTEM32>\rundll32.exe' user32.dll,UpdatePerUserSystemParameters 1, True
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideIcons /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\temp\petya-ransom-note.jpg /f
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "&{$p='HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StuckRects3';$v=(Get-ItemProperty -Path $p).Settings;$v[8]=3;&Set-ItemProperty -Path $p -Name Settings -Value $v;}"
- '<SYSTEM32>\findstr.exe' /ri "REG_SZ"
- '<SYSTEM32>\reg.exe' query "HKCU\Control Panel\Desktop" /V WallPaper
- '<SYSTEM32>\cmd.exe' /c reg query "HKCU\Control Panel\Desktop" /V WallPaper |findstr /ri "REG_SZ"
- '<SYSTEM32>\cacls.exe' "<SYSTEM32>\config\system"
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401 /crash-reporter-parent-id=1444
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401 /crash-reporter-parent-id=940
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="1672.0.1474750940\228289688" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="940.0.210623214\785139634" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-d...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="1436.0.820941539\234996901" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="3292.0.1439111209\1557979927" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gp...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="632.0.801161042\202111544" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-d...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="1088.0.1413607147\1053954523" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gp...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="1196.0.1113603332\192071000" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="1960.0.490557834\526701281" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="1444.0.488320649\1262537360" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download /crash-reporter-parent-id=3404
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="3056.0.988076710\65989374" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-d...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/ /crash-reporter-parent-id=3368
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401 /crash-reporter-parent-id=3292
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download /crash-reporter-parent-id=3056
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/ /crash-reporter-parent-id=1436
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401 /crash-reporter-parent-id=1960
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download /crash-reporter-parent-id=1196
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/ /crash-reporter-parent-id=632
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://moiprogrammy.net/avg-antivirus-free-download /crash-reporter-parent-id=1672
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.apponic.com/s/bitdefender-antivirus-2010/ /crash-reporter-parent-id=1088
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.comss.ru/page.php?id=401 /crash-reporter-parent-id=352
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="4892.0.726472796\354688026" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
