Trojan.Inject5.59083

Техническая информация

Вредоносные функции

Внедряет код в

следующие системные процессы:

<SYSTEM32>\relog.exe

Изменения в файловой системе

Создает следующие файлы

%WINDIR%\windowsshell884303.log
%WINDIR%\windowssystemupdate870.log

Самоудаляется.

Сетевая активность

Подключается к

'47.#8.35.46':36281
'<LOCALNET>..83.0':51420
'<LOCALNET>..83.2':51420
'<LOCALNET>..83.1':51420
'<LOCALNET>..83.4':51420
'<LOCALNET>..83.6':51420
'<LOCALNET>..83.3':51420
'<LOCALNET>..83.5':51420
'<LOCALNET>..83.7':51420
'<LOCALNET>..83.8':51420
'<LOCALNET>..83.10':51420
'<LOCALNET>..83.12':51420
'<LOCALNET>..83.11':51420
'<LOCALNET>..83.9':51420
'<LOCALNET>..83.14':51420
'<LOCALNET>..83.16':51420
'<LOCALNET>..83.18':51420
'<LOCALNET>..83.13':51420
'<LOCALNET>..83.15':51420
'<LOCALNET>..83.20':51420
'<LOCALNET>..83.19':51420
'<LOCALNET>..83.17':51420
'<LOCALNET>..83.22':51420
'<LOCALNET>..83.21':51420
'<LOCALNET>..83.24':51420
'<LOCALNET>..83.23':51420
'<LOCALNET>..83.26':51420
'<LOCALNET>..83.28':51420
'<LOCALNET>..83.25':51420
'<LOCALNET>..83.27':51420
'<LOCALNET>..83.29':51420
'<LOCALNET>..83.30':51420
'<LOCALNET>..83.32':51420
'<LOCALNET>..83.34':51420
'<LOCALNET>..83.38':51420
'<LOCALNET>..83.44':51420
'<LOCALNET>..83.40':51420
'<LOCALNET>..83.36':51420
'<LOCALNET>..83.42':51420
'<LOCALNET>..83.33':51420
'<LOCALNET>..83.43':51420
'<LOCALNET>..83.39':51420
'<LOCALNET>..83.35':51420
'<LOCALNET>..83.41':51420
'<LOCALNET>..83.47':51420
'<LOCALNET>..83.46':51420
'<LOCALNET>..83.37':51420
'<LOCALNET>..83.31':51420
'<LOCALNET>..83.45':51420
'<LOCALNET>..83.48':51420
'<LOCALNET>..83.50':51420
'<LOCALNET>..83.49':51420
'<LOCALNET>..83.54':51420
'<LOCALNET>..83.52':51420
'<LOCALNET>..83.56':51420
'<LOCALNET>..83.53':51420
'<LOCALNET>..83.58':51420
'<LOCALNET>..83.55':51420
'<LOCALNET>..83.57':51420
'<LOCALNET>..83.62':51420
'<LOCALNET>..83.51':51420
'<LOCALNET>..83.60':51420
'<LOCALNET>..83.64':51420
'<LOCALNET>..83.66':51420
'<LOCALNET>..83.63':51420
'<LOCALNET>..83.61':51420
'<LOCALNET>..83.67':51420
'<LOCALNET>..83.68':51420
'<LOCALNET>..83.65':51420
'<LOCALNET>..83.59':51420
'<LOCALNET>..83.70':51420
'<LOCALNET>..83.72':51420
'<LOCALNET>..83.69':51420
'<LOCALNET>..83.74':51420
'<LOCALNET>..83.73':51420
'<LOCALNET>..83.71':51420
'<LOCALNET>..83.75':51420
'<LOCALNET>..83.77':51420
'<LOCALNET>..83.76':51420
'<LOCALNET>..83.79':51420
'<LOCALNET>..83.78':51420
'<LOCALNET>..83.81':51420
'<LOCALNET>..83.83':51420
'<LOCALNET>..83.80':51420
'<LOCALNET>..83.85':51420
'<LOCALNET>..83.87':51420
'<LOCALNET>..83.91':51420
'<LOCALNET>..83.89':51420
'<LOCALNET>..83.84':51420
'<LOCALNET>..83.86':51420
'<LOCALNET>..83.82':51420
'<LOCALNET>..83.88':51420
'<LOCALNET>..83.90':51420
'<LOCALNET>..83.92':51420
'<LOCALNET>..83.93':51420
'<LOCALNET>..83.95':51420
'<LOCALNET>..83.97':51420
'<LOCALNET>..83.94':51420
'<LOCALNET>..83.96':51420
'<LOCALNET>..83.99':51420
'<LOCALNET>..83.101':51420
'<LOCALNET>..83.103':51420
'<LOCALNET>..83.98':51420
'<LOCALNET>..83.100':51420
'<LOCALNET>..83.102':51420
'<LOCALNET>..83.104':51420
'<LOCALNET>..83.105':51420
'<LOCALNET>..83.106':51420
'<LOCALNET>..83.107':51420
'<LOCALNET>..83.108':51420
'<LOCALNET>..83.111':51420
'<LOCALNET>..83.113':51420
'<LOCALNET>..83.115':51420
'<LOCALNET>..83.117':51420
'<LOCALNET>..83.110':51420
'<LOCALNET>..83.112':51420
'<LOCALNET>..83.114':51420
'<LOCALNET>..83.116':51420
'<LOCALNET>..83.118':51420
'<LOCALNET>..83.120':51420
'<LOCALNET>..83.109':51420
'<LOCALNET>..83.119':51420
'<LOCALNET>..83.121':51420
'<LOCALNET>..83.123':51420
'<LOCALNET>..83.124':51420
'<LOCALNET>..83.126':51420
'<LOCALNET>..83.125':51420
'<LOCALNET>..83.128':51420
'<LOCALNET>..83.122':51420
'<LOCALNET>..83.129':51420
'<LOCALNET>..83.127':51420
'<LOCALNET>..83.131':51420
'<LOCALNET>..83.130':51420
'<LOCALNET>..83.133':51420
'<LOCALNET>..83.135':51420
'<LOCALNET>..83.132':51420
'<LOCALNET>..83.134':51420
'<LOCALNET>..83.136':51420
'<LOCALNET>..83.137':51420
'<LOCALNET>..83.138':51420
'<LOCALNET>..83.140':51420
'<LOCALNET>..83.142':51420
'<LOCALNET>..83.139':51420
'<LOCALNET>..83.141':51420
'<LOCALNET>..83.143':51420
'<LOCALNET>..83.145':51420
'<LOCALNET>..83.144':51420
'<LOCALNET>..83.146':51420
'<LOCALNET>..83.148':51420
'<LOCALNET>..83.150':51420
'<LOCALNET>..83.152':51420
'<LOCALNET>..83.149':51420
'<LOCALNET>..83.156':51420
'<LOCALNET>..83.151':51420
'<LOCALNET>..83.153':51420
'<LOCALNET>..83.147':51420
'<LOCALNET>..83.154':51420
'<LOCALNET>..83.158':51420
'<LOCALNET>..83.157':51420
'<LOCALNET>..83.160':51420
'<LOCALNET>..83.155':51420
'<LOCALNET>..83.159':51420
'<LOCALNET>..83.162':51420
'<LOCALNET>..83.161':51420
'<LOCALNET>..83.164':51420
'<LOCALNET>..83.163':51420
'<LOCALNET>..83.166':51420
'<LOCALNET>..83.165':51420
'<LOCALNET>..83.168':51420
'<LOCALNET>..83.167':51420
'<LOCALNET>..83.169':51420
'<LOCALNET>..83.170':51420
'<LOCALNET>..83.171':51420
'<LOCALNET>..83.177':51420
'<LOCALNET>..83.173':51420
'<LOCALNET>..83.172':51420
'<LOCALNET>..83.174':51420
'<LOCALNET>..83.176':51420
'<LOCALNET>..83.178':51420
'<LOCALNET>..83.175':51420
'<LOCALNET>..83.180':51420
'<LOCALNET>..83.182':51420
'<LOCALNET>..83.179':51420
'<LOCALNET>..83.181':51420
'<LOCALNET>..83.183':51420
'<LOCALNET>..83.184':51420
'<LOCALNET>..83.186':51420
'<LOCALNET>..83.189':51420
'<LOCALNET>..83.185':51420
'<LOCALNET>..83.190':51420
'<LOCALNET>..83.187':51420
'<LOCALNET>..83.188':51420
'<LOCALNET>..83.191':51420
'<LOCALNET>..83.192':51420
'<LOCALNET>..83.193':51420
'<LOCALNET>..83.194':51420
'<LOCALNET>..83.195':51420
'<LOCALNET>..83.196':51420
'<LOCALNET>..83.197':51420
'<LOCALNET>..83.198':51420
'<LOCALNET>..83.199':51420
'43.##9.192.68':46283
'47.##.113.58':46282
'47.#8.35.46':36283

TCP

Другие

'47.#8.35.46':36281
'47.#8.35.46':36283

UDP

'255.255.255.255':36891

Другое

Запускает на исполнение

'<SYSTEM32>\relog.exe'
'<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<SYSTEM32>\relog.exe"
'<SYSTEM32>\cmd.exe' /c del <Полный путь к файлу> >> NUL (со скрытым окном)