Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemhmzig.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemxtlii.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemjjvzz.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemevtoz.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemevosj.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemulopq.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemjaxmg.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemjnwls.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqempybar.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemalrec.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemhwhwb.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemcedef.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemxwsld.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemnedqf.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemcxpzq.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemrmuyj.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemovjzp.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemwhhqn.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemyubfj.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemtjnsz.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemihrph.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemlijwu.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemajmnl.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemwgnml.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemmufln.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemumwux.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemrffgq.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemwmwjd.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemythwh.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemtroqa.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemysusg.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemfyqiu.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemmqqnb.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqembubty.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemuwkgu.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemzbooj.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemgdnwf.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemqywpq.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemtpqdt.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemzwzxm.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemskswa.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemnmacd.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemvtsgu.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemkidlf.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemsdevq.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemagudr.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemfkthb.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemvixop.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemqkonb.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemsbtpi.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemabpex.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemgpygl.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemvycnw.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemaoymt.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemkgdhh.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemktuhd.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqembsbbb.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemtyqft.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemluwzm.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemqjwhk.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemycpgp.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemiffnf.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\Sysqemddmvj.exe'
Вредоносные функции:
Создает и запускает на исполнение:
- '%TEMP%\Sysqemhmzig.exe'
- '%TEMP%\Sysqemxtlii.exe'
- '%TEMP%\Sysqemjjvzz.exe'
- '%TEMP%\Sysqemevtoz.exe'
- '%TEMP%\Sysqemevosj.exe'
- '%TEMP%\Sysqemulopq.exe'
- '%TEMP%\Sysqemjaxmg.exe'
- '%TEMP%\Sysqemjnwls.exe'
- '%TEMP%\Sysqempybar.exe'
- '%TEMP%\Sysqemalrec.exe'
- '%TEMP%\Sysqemhwhwb.exe'
- '%TEMP%\Sysqemcedef.exe'
- '%TEMP%\Sysqemxwsld.exe'
- '%TEMP%\Sysqemnedqf.exe'
- '%TEMP%\Sysqemcxpzq.exe'
- '%TEMP%\Sysqemrmuyj.exe'
- '%TEMP%\Sysqemovjzp.exe'
- '%TEMP%\Sysqemwhhqn.exe'
- '%TEMP%\Sysqemyubfj.exe'
- '%TEMP%\Sysqemtjnsz.exe'
- '%TEMP%\Sysqemihrph.exe'
- '%TEMP%\Sysqemlijwu.exe'
- '%TEMP%\Sysqemajmnl.exe'
- '%TEMP%\Sysqemwgnml.exe'
- '%TEMP%\Sysqemmufln.exe'
- '%TEMP%\Sysqemumwux.exe'
- '%TEMP%\Sysqemrffgq.exe'
- '%TEMP%\Sysqemwmwjd.exe'
- '%TEMP%\Sysqemythwh.exe'
- '%TEMP%\Sysqemtroqa.exe'
- '%TEMP%\Sysqemysusg.exe'
- '%TEMP%\Sysqemfyqiu.exe'
- '%TEMP%\Sysqemmqqnb.exe'
- '%TEMP%\Sysqembubty.exe'
- '%TEMP%\Sysqemuwkgu.exe'
- '%TEMP%\Sysqemzbooj.exe'
- '%TEMP%\Sysqemgdnwf.exe'
- '%TEMP%\Sysqemqywpq.exe'
- '%TEMP%\Sysqemtpqdt.exe'
- '%TEMP%\Sysqemzwzxm.exe'
- '%TEMP%\Sysqemskswa.exe'
- '%TEMP%\Sysqemnmacd.exe'
- '%TEMP%\Sysqemvtsgu.exe'
- '%TEMP%\Sysqemkidlf.exe'
- '%TEMP%\Sysqemsdevq.exe'
- '%TEMP%\Sysqemagudr.exe'
- '%TEMP%\Sysqemfkthb.exe'
- '%TEMP%\Sysqemvixop.exe'
- '%TEMP%\Sysqemqkonb.exe'
- '%TEMP%\Sysqemsbtpi.exe'
- '%TEMP%\Sysqemabpex.exe'
- '%TEMP%\Sysqemgpygl.exe'
- '%TEMP%\Sysqemvycnw.exe'
- '%TEMP%\Sysqemaoymt.exe'
- '%TEMP%\Sysqemkgdhh.exe'
- '%TEMP%\Sysqemktuhd.exe'
- '%TEMP%\Sysqembsbbb.exe'
- '%TEMP%\Sysqemtyqft.exe'
- '%TEMP%\Sysqemluwzm.exe'
- '%TEMP%\Sysqemqjwhk.exe'
- '%TEMP%\Sysqemycpgp.exe'
- '%TEMP%\Sysqemiffnf.exe'
- '%TEMP%\Sysqemddmvj.exe'
Запускает на исполнение:
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
Изменения в файловой системе:
Создает следующие файлы:
- %TEMP%\Sysqemxtlii.exe
- %TEMP%\Sysqemhmzig.exe
- %TEMP%\Sysqemjnwls.exe
- %TEMP%\Sysqemjjvzz.exe
- %TEMP%\Sysqemulopq.exe
- %TEMP%\Sysqemevosj.exe
- %TEMP%\Sysqemevtoz.exe
- %TEMP%\Sysqemjaxmg.exe
- %TEMP%\Sysqemalrec.exe
- %TEMP%\Sysqempybar.exe
- %TEMP%\Sysqemfyqiu.exe
- %TEMP%\Sysqemhwhwb.exe
- %TEMP%\Sysqemnedqf.exe
- %TEMP%\Sysqemxwsld.exe
- %TEMP%\Sysqemcedef.exe
- %TEMP%\Sysqemcxpzq.exe
- %TEMP%\Sysqemwhhqn.exe
- %TEMP%\Sysqemovjzp.exe
- %TEMP%\Sysqemwgnml.exe
- %TEMP%\Sysqemyubfj.exe
- %TEMP%\Sysqemlijwu.exe
- %TEMP%\Sysqemihrph.exe
- %TEMP%\Sysqemtjnsz.exe
- %TEMP%\Sysqemajmnl.exe
- %TEMP%\Sysqemumwux.exe
- %TEMP%\Sysqemmufln.exe
- %TEMP%\Sysqemrmuyj.exe
- %TEMP%\Sysqemrffgq.exe
- %TEMP%\Sysqemtroqa.exe
- %TEMP%\Sysqemythwh.exe
- %TEMP%\Sysqemwmwjd.exe
- %TEMP%\Sysqemysusg.exe
- %TEMP%\Sysqemvycnw.exe
- %TEMP%\Sysqemuwkgu.exe
- %TEMP%\Sysqembubty.exe
- %TEMP%\Sysqemsdevq.exe
- %TEMP%\Sysqemzwzxm.exe
- %TEMP%\Sysqemtpqdt.exe
- %TEMP%\Sysqemqywpq.exe
- %TEMP%\Sysqemmqqnb.exe
- %TEMP%\Sysqemzbooj.exe
- %TEMP%\Sysqemvtsgu.exe
- %TEMP%\Sysqemnmacd.exe
- %TEMP%\qpath.ini
- %TEMP%\Sysqamqqvaqqd.exe
- %TEMP%\Sysqemfkthb.exe
- %TEMP%\Sysqemagudr.exe
- %TEMP%\Sysqemskswa.exe
- %TEMP%\Sysqemkidlf.exe
- %TEMP%\Sysqemabpex.exe
- %TEMP%\Sysqemsbtpi.exe
- %TEMP%\Sysqemycpgp.exe
- %TEMP%\Sysqemktuhd.exe
- %TEMP%\Sysqemkgdhh.exe
- %TEMP%\Sysqemaoymt.exe
- %TEMP%\Sysqemqkonb.exe
- %TEMP%\Sysqemgpygl.exe
- %TEMP%\Sysqemluwzm.exe
- %TEMP%\Sysqemtyqft.exe
- %TEMP%\Sysqemgdnwf.exe
- %TEMP%\Sysqemvixop.exe
- %TEMP%\Sysqemddmvj.exe
- %TEMP%\Sysqemiffnf.exe
- %TEMP%\Sysqembsbbb.exe
- %TEMP%\Sysqemqjwhk.exe
Присваивает атрибут 'скрытый' для следующих файлов:
- %TEMP%\Sysqemxtlii.exe
- %TEMP%\Sysqemhmzig.exe
- %TEMP%\Sysqemjnwls.exe
- %TEMP%\Sysqemjjvzz.exe
- %TEMP%\Sysqemulopq.exe
- %TEMP%\Sysqemevosj.exe
- %TEMP%\Sysqemevtoz.exe
- %TEMP%\Sysqemjaxmg.exe
- %TEMP%\Sysqemalrec.exe
- %TEMP%\Sysqempybar.exe
- %TEMP%\Sysqemfyqiu.exe
- %TEMP%\Sysqemhwhwb.exe
- %TEMP%\Sysqemnedqf.exe
- %TEMP%\Sysqemxwsld.exe
- %TEMP%\Sysqemcedef.exe
- %TEMP%\Sysqemcxpzq.exe
- %TEMP%\Sysqemwhhqn.exe
- %TEMP%\Sysqemovjzp.exe
- %TEMP%\Sysqemwgnml.exe
- %TEMP%\Sysqemyubfj.exe
- %TEMP%\Sysqemlijwu.exe
- %TEMP%\Sysqemihrph.exe
- %TEMP%\Sysqemtjnsz.exe
- %TEMP%\Sysqemajmnl.exe
- %TEMP%\Sysqemumwux.exe
- %TEMP%\Sysqemmufln.exe
- %TEMP%\Sysqemrmuyj.exe
- %TEMP%\Sysqemrffgq.exe
- %TEMP%\Sysqemtroqa.exe
- %TEMP%\Sysqemythwh.exe
- %TEMP%\Sysqemwmwjd.exe
- %TEMP%\Sysqemysusg.exe
- %TEMP%\Sysqembubty.exe
- %TEMP%\Sysqemmqqnb.exe
- %TEMP%\Sysqemzwzxm.exe
- %TEMP%\Sysqemuwkgu.exe
- %TEMP%\Sysqemqywpq.exe
- %TEMP%\Sysqemgdnwf.exe
- %TEMP%\Sysqemzbooj.exe
- %TEMP%\Sysqemtpqdt.exe
- %TEMP%\Sysqemnmacd.exe
- %TEMP%\Sysqemskswa.exe
- %TEMP%\Sysqemvtsgu.exe
- %TEMP%\Sysqamqqvaqqd.exe
- %TEMP%\Sysqemagudr.exe
- %TEMP%\Sysqemsdevq.exe
- %TEMP%\Sysqemkidlf.exe
- %TEMP%\Sysqemfkthb.exe
- %TEMP%\Sysqemsbtpi.exe
- %TEMP%\Sysqemqkonb.exe
- %TEMP%\Sysqemktuhd.exe
- %TEMP%\Sysqemabpex.exe
- %TEMP%\Sysqemaoymt.exe
- %TEMP%\Sysqemvycnw.exe
- %TEMP%\Sysqemgpygl.exe
- %TEMP%\Sysqemkgdhh.exe
- %TEMP%\Sysqemtyqft.exe
- %TEMP%\Sysqembsbbb.exe
- %TEMP%\Sysqemvixop.exe
- %TEMP%\Sysqemluwzm.exe
- %TEMP%\Sysqemiffnf.exe
- %TEMP%\Sysqemycpgp.exe
- %TEMP%\Sysqemqjwhk.exe
- %TEMP%\Sysqemddmvj.exe
