Техническая информация
Для обеспечения автозапуска и распространения:
Создает или изменяет следующие файлы:
- %WINDIR%\Tasks\SA.DAT
Вредоносные функции:
Запускает на исполнение:
- '<SYSTEM32>\svchost.exe' -k netsvcs
Изменения в файловой системе:
Создает следующие файлы:
- %CommonProgramFiles%\Microsoft Shared\Stationery\brvrjrke.exe
- %CommonProgramFiles%\System\ado\tsektjkj.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\ehbebsrn.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\nsqjttkv.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\njbsvtll.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\sjwzlskk.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\res\lhbtcvlt.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\hltjtlne.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\jjjthqtn.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\cpow\ketssrzn.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\bcwvzwbh.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\czjevcet.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\xrljqjzn.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\vkjljzrn.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\bhrhnkht.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\tlcwjrwt.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\bnbtzwxt.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\bzqlkhrh.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\qjllsjhl.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\elwtjnbj.exe
Сетевая активность:
Подключается к:
- '82.##5.19.210':445
- '82.##5.157.98':445
- '82.##5.120.164':445
- '82.##5.12.153':445
- '82.##5.47.61':445
- '82.##5.74.44':445
- '82.##5.29.75':445
- '82.##5.216.147':445
- '82.##5.44.37':445
- '82.##5.100.237':139
- '82.##5.74.101':139
- '82.##5.123.31':139
- '82.##5.70.169':139
- '82.##5.240.74':139
- '82.##5.148.103':445
- '82.##5.195.188':445
- '82.##5.186.208':139
- '82.##5.137.253':445
- '82.##5.188.238':445
- '82.##5.178.213':445
- '82.##5.174.59':445
- '82.##5.199.154':445
- '82.##5.36.216':445
- '82.##5.123.31':445
- '82.##5.70.169':445
- '82.##5.18.94':445
- '82.##5.66.90':445
- '82.##5.123.16':445
- '82.##5.101.113':445
- '82.##5.80.226':445
- '82.##5.104.38':445
- '82.##5.65.103':445
- '82.##5.117.149':445
- '82.##5.236.31':445
- '82.##5.233.101':445
- '82.##5.80.241':445
- '82.##5.120.164':139
- '82.##5.12.153':139
- '82.##5.148.103':139
- '82.##5.195.188':139
- '82.##5.19.210':139
- '82.##5.216.147':139
- '82.##5.44.37':139
- '82.##5.157.98':139
- '82.##5.47.61':139
- '82.##5.1.201':445
- '82.##5.122.174':445
- '82.##5.35.67':445
- '82.##5.234.161':445
- '82.##5.130.201':445
- '82.##5.196.101':445
- '82.##5.137.253':139
- '82.##5.38.102':445
- '82.##5.101.229':445
- '82.##5.174.59':139
- '82.##5.199.154':139
- '82.##5.117.149':139
- '82.##5.236.31':139
- '82.##5.188.238':139
- '82.##5.18.94':139
- '82.##5.66.90':139
- '82.##5.178.213':139
- '82.##5.36.216':139
- '82.##5.80.226':139
- '82.##5.104.38':139
- '82.##5.74.44':139
- '82.##5.29.75':139
- '82.##5.123.16':139
- '82.##5.233.101':139
- '82.##5.80.241':139
- '82.##5.101.113':139
- '82.##5.65.103':139
- '82.##5.78.202':139
- '82.##5.179.84':139
- '82.##5.88.114':139
- '82.##5.117.182':139
- '82.##5.13.102':139
- '82.##5.164.124':139
- '82.##5.170.112':139
- '82.##5.71.13':139
- '82.##5.71.76':139
- '82.##5.23.162':139
- '82.##5.16.208':139
- '82.##5.65.170':445
- '82.##5.4.217':445
- '82.##5.56.171':139
- '82.##5.41.61':139
- '82.##5.130.112':139
- '82.##5.120.247':139
- '82.##5.15.95':139
- '82.##5.88.34':139
- '82.##5.40.216':139
- '82.##5.204.238':139
- '82.##5.211.223':139
- '82.##5.85.252':139
- '82.##5.222.81':139
- '82.##5.176.136':139
- '82.##5.43.233':139
- '82.##5.37.151':139
- '82.##5.11.204':139
- '82.##5.4.121':139
- '82.##5.16.37':139
- '82.##5.64.16':139
- '82.##5.98.149':139
- '82.##5.112.175':139
- '82.##5.12.241':139
- '82.##5.229.40':139
- '82.##5.174.222':139
- '82.##5.115.68':139
- '82.##5.211.169':139
- '82.##5.29.105':139
- '82.##5.200.29':139
- '82.##5.246.211':139
- '82.##5.236.78':139
- '82.##5.218.119':139
- '82.#25.5.60':139
- '82.##5.159.112':139
- '82.##5.240.74':445
- '82.##5.186.208':445
- '82.##5.100.237':445
- '82.##5.74.101':445
- '82.##5.181.125':139
- '82.#25.60.2':139
- '82.##5.157.139':139
- '82.##5.156.181':139
- '82.##5.122.156':139
- '82.##5.211.169':445
- '82.##5.246.211':445
- '82.##5.200.29':445
- '82.##5.115.68':445
- '82.#25.5.60':445
- '82.##5.218.119':445
- '82.##5.111.191':445
- '82.##5.159.112':445
- '82.##5.236.78':445
- '82.##5.4.217':139
- '82.##5.181.125':445
- '82.##5.111.191':139
- '82.##5.65.170':139
- '82.##5.156.181':445
- '82.##5.157.139':445
- '82.##5.29.105':445
- '82.##5.122.156':445
- '82.#25.60.2':445
- '82.##5.160.86':445
- '82.##5.130.92':139
- '82.##5.2.230':139
- '82.##5.154.68':139
- '82.##5.141.166':139
- '82.##5.163.204':139
- '82.##5.173.98':445
- '82.##5.203.252':445
- '82.##5.36.120':139
- '82.##5.223.5':445
- '82.##5.130.231':139
- '82.##5.162.79':139
- '82.##5.146.233':139
- '82.##5.105.170':139
- '82.##5.188.67':139
- '82.##5.21.164':139
- '82.##5.69.63':139
- '82.##5.50.188':139
- '82.##5.134.172':139
- '82.##5.169.114':445
- '82.##5.83.242':445
- '82.##5.209.154':445
- '82.##5.10.127':445
- '82.##5.198.60':445
- '82.##5.10.138':445
- '82.##5.48.219':445
- '82.##5.72.140':445
- '82.##5.192.166':445
- '82.##5.76.62':445
- '82.##5.28.158':445
- '82.##5.206.203':445
- '82.##5.132.207':445
- '82.##5.139.219':445
- '82.##5.194.67':445
- '82.##5.127.194':445
- '82.##5.24.199':445
- '82.##5.34.113':445
- '82.##5.127.194':139
- '82.##5.209.154':139
- '82.##5.34.113':139
- '82.##5.194.67':139
- '82.##5.10.127':139
- '82.##5.198.60':139
- '82.##5.72.140':139
- '82.##5.169.114':139
- '82.##5.83.242':139
- '82.##5.203.252':139
- '82.##5.206.203':139
- '82.##5.223.5':139
- '82.##5.173.98':139
- '82.##5.132.207':139
- '82.##5.139.219':139
- '82.##5.24.199':139
- '82.##5.76.62':139
- '82.##5.28.158':139
- '82.##5.39.37':139
- '82.##5.221.38':139
- '82.##5.207.125':139
- '82.##5.37.86':139
- '82.##5.114.245':139
- '82.##5.208.62':139
- '82.##5.62.208':139
- '82.##5.93.131':139
- '82.##5.181.3':139
- '82.##5.48.219':139
- '82.##5.208.48':139
- '82.##5.192.166':139
- '82.##5.10.138':139
- '82.##5.113.73':139
- '82.##5.130.17':139
- '82.##5.37.37':139
- '82.##5.104.217':139
- '82.##5.250.50':139
- '82.##5.253.252':139
- '82.##5.75.45':139
- '82.##5.192.166':9988
- '82.##5.169.114':9988
- '82.##5.62.45':139
- '82.##5.134.59':139
- '82.##5.88.69':139
- '82.##5.2.169':139
- '82.##5.56.34':139
- '82.##5.83.242':9988
- '82.##5.130.17':9988
- '82.##5.10.138':9988
- '82.##5.39.37':9988
- '82.##5.250.50':9988
- '82.##5.37.37':9988
- '82.##5.221.38':9988
- '82.##5.113.73':9988
- '82.##5.198.60':9988
- '82.##5.75.45':445
- '82.##5.62.45':445
- '82.##5.196.101':139
- '82.##5.253.252':445
- '82.##5.2.169':445
- '82.##5.88.69':445
- '82.##5.34.203':445
- '82.##5.56.34':445
- '82.##5.134.59':445
- '82.##5.35.67':139
- '82.##5.234.161':139
- '82.##5.34.203':139
- '82.##5.160.86':139
- '82.##5.1.201':139
- '82.##5.38.102':139
- '82.##5.101.229':139
- '82.##5.122.174':139
- '82.##5.130.201':139
- '82.##5.93.131':445
- '82.##5.181.3':445
- '82.##5.221.38':445
- '82.##5.114.245':445
- '82.##5.208.62':445
- '82.##5.105.170':445
- '82.##5.130.231':445
- '82.##5.62.208':445
- '82.##5.146.233':445
- '82.##5.104.217':445
- '82.##5.250.50':445
- '82.##5.208.48':445
- '82.##5.113.73':445
- '82.##5.130.17':445
- '82.##5.37.86':445
- '82.##5.39.37':445
- '82.##5.37.37':445
- '82.##5.207.125':445
- '82.##5.36.120':445
- '82.##5.223.5':9988
- '82.##5.2.230':445
- '82.##5.163.204':445
- '82.##5.206.203':9988
- '82.##5.28.158':9988
- '82.##5.139.219':9988
- '82.##5.173.98':9988
- '82.##5.203.252':9988
- '82.##5.50.188':445
- '82.##5.134.172':445
- '82.##5.162.79':445
- '82.##5.188.67':445
- '82.##5.21.164':445
- '82.##5.141.166':445
- '82.##5.130.92':445
- '82.##5.69.63':445
- '82.##5.154.68':445
