Trojan.DownLoader10.8797

Техническая информация

Для обеспечения автозапуска и распространения:

Создает следующие сервисы:

[<HKLM>\SYSTEM\ControlSet001\Services\MSWindows] 'Start' = '00000002'

Вредоносные функции:

Создает и запускает на исполнение:

'<SYSTEM32>\urdvxc.exe' /uninstallservice patch:<Полный путь к вирусу>
'<SYSTEM32>\urdvxc.exe' /service
'<SYSTEM32>\urdvxc.exe' /installservice
'<SYSTEM32>\urdvxc.exe' /start

Запускает на исполнение:

'<SYSTEM32>\dumprep.exe' 1140 -dm 7 7 %TEMP%\WER683c.dir00\svchost.exe.mdmp 16325836412032116

Изменения в файловой системе:

Создает следующие файлы:

%CommonProgramFiles%\Microsoft Shared\Stationery\bcwvzwbh.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\xrljqjzn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\qjllsjhl.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\czjevcet.exe
%TEMP%\WER683c.dir00\svchost.exe.mdmp
<SYSTEM32>\urdvxc.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bhrhnkht.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\vkjljzrn.exe

Самоудаляется.

Сетевая активность:

Подключается к:

'21#.#09.122.233':445
'21#.#09.145.12':445
'21#.#09.114.177':139
'21#.#09.121.115':139
'21#.#09.229.170':445
'21#.#09.151.177':445
'21#.#09.170.123':445
'21#.#09.132.152':445
'21#.#09.121.241':445
'21#.#09.177.50':139
'21#.#09.197.169':139
'21#.#09.101.240':139
'21#.#09.87.151':139
'21#.#09.132.152':139
'21#.#09.170.123':139
'21#.#09.178.138':139
'21#.#09.166.254':139
'21#.#09.61.104':139
'21#.#09.19.23':445
'21#.#09.177.84':445
'21#.#09.17.140':445
'21#.#09.32.164':445
'21#.#09.109.6':445
'21#.#09.180.63':445
'21#.#09.18.238':445
'21#.#09.168.238':445
'21#.#09.249.148':445
'21#.#09.10.126':445
'21#.#09.191.214':445
'21#.#09.221.94':445
'21#.#09.77.107':445
'21#.#09.252.149':445
'21#.#09.80.28':445
'21#.#09.234.20':445
'21#.#09.225.115':445
'21#.#09.61.111':445
'21#.#09.24.42':445
'21#.#09.255.233':445
'21#.#09.151.177':139
'21#.#09.255.233':139
'21#.#09.145.12':139
'21#.#09.17.140':139
'21#.#09.249.148':139
'21#.#09.10.126':139
'21#.#09.58.126':139
'21#.#09.61.111':139
'21#.#09.8.99':139
'21#.#09.57.27':139
'21#.#09.109.6':139
'21#.#09.191.214':139
'21#.#09.26.186':139
'21#.#09.122.233':139
'21#.#09.234.20':139
'21#.#09.198.219':139
'21#.#09.221.94':139
'21#.#09.174.58':139
'21#.#09.18.238':139
'21#.#09.77.107':139
'21#.#09.51.52':139
'21#.#09.32.192':139
'21#.#09.180.63':139
'21#.#09.19.23':139
'21#.#09.235.193':139
'21#.#09.225.115':139
'21#.#09.177.84':139
'21#.#09.220.167':139
'21#.#09.136.44':139
'21#.#09.229.170':139
'21#.#09.184.131':139
'21#.#09.32.164':139
'21#.#09.80.28':139
'21#.#09.1.87':139
'21#.#09.121.241':139
'21#.#09.249.96':139
'21#.#09.168.238':139
'21#.#09.182.202':139
'21#.#09.252.149':139
'21#.#09.136.223':139
'21#.#09.53.190':139
'21#.#09.242.56':139
'21#.#09.138.237':139
'21#.#09.224.105':139
'21#.#09.179.173':139
'21#.#09.74.2':139
'21#.#09.131.22':139
'21#.#09.90.133':139
'21#.#09.80.155':139
'21#.#09.211.248':139
'21#.#09.50.47':139
'21#.#09.43.211':139
'21#.#09.251.64':139
'21#.#09.93.70':139
'21#.#09.232.251':139
'21#.#09.175.153':139
'21#.#09.125.160':139
'21#.#09.118.93':139
'21#.#09.49.13':139
'21#.#09.55.21':139
'21#.#09.44.164':139
'21#.#09.6.192':139
'21#.#09.160.114':139
'21#.#09.242.56':445
'21#.#09.55.21':445
'21#.#09.9.109':139
'21#.#09.202.50':445
'21#.#09.136.128':139
'21#.#09.150.23':139
'21#.#09.232.26':139
'21#.#09.175.79':139
'21#.#09.131.68':139
'21#.#09.22.32':139
'21#.#09.72.132':139
'21#.#09.122.59':139
'21#.#09.171.11':139
'21#.#09.95.171':139
'21#.#09.91.125':139
'21#.#09.198.219':445
'21#.#09.220.167':445
'21#.#09.1.87':445
'21#.#09.32.192':445
'21#.#09.51.52':445
'21#.#09.101.240':445
'21#.#09.178.138':445
'21#.#09.182.202':445
'21#.#09.235.193':445
'21#.#09.197.169':445
'21#.#09.87.151':445
'21#.#09.174.58':445
'21#.#09.57.27':445
'21#.#09.26.186':445
'21#.#09.58.126':445
'21#.#09.249.96':445
'21#.#09.8.99':445
'21#.#09.136.44':445
'21#.#09.61.104':445
'21#.#09.24.115':139
'21#.#09.118.7':139
'21#.#09.65.36':139
'21#.#09.120.184':139
'21#.#09.93.37':139
'21#.#09.171.108':139
'21#.#09.155.200':139
'21#.#09.65.84':139
'21#.#09.220.248':139
'21#.#09.195.27':445
'21#.#09.114.177':445
'21#.#09.76.224':139
'21#.#09.166.254':445
'21#.#09.177.50':445
'21#.#09.157.199':139
'21#.#09.195.27':139
'21#.#09.121.115':445
'21#.#09.76.224':445
'21#.#09.202.50':139
'21#.#09.223.172':445
'21#.#09.105.124':445
'21#.#09.29.222':139
'21#.#09.110.15':139
'21#.#09.48.11':445
'21#.#09.202.178':445
'21#.#09.135.30':445
'21#.#09.99.48':445
'21#.#09.29.249':445
'21#.#09.234.238':139
'21#.#09.124.249':139
'21#.#09.191.11':139
'21#.#09.249.85':139
'21#.#09.133.234':139
'21#.#09.113.173':139
'21#.#09.176.68':139
'21#.#09.247.234':139
'21#.#09.251.253':139
'21#.#09.32.12':139
'21#.#09.88.184':445
'21#.#09.183.117':445
'21#.#09.43.89':445
'21#.#09.197.92':445
'21#.#09.84.20':445
'21#.#09.82.193':445
'21#.#09.134.228':445
'21#.#09.253.118':445
'21#.#09.220.230':445
'21#.#09.176.193':445
'21#.#09.95.159':445
'21#.#09.247.105':445
'21#.#09.124.180':445
'21#.#09.114.186':445
'21#.#09.19.148':445
'21#.#09.41.249':445
'21#.#09.212.235':445
'21#.#09.200.80':445
'21#.#09.249.199':445
'21#.#09.85.177':139
'21#.#09.19.148':139
'21#.#09.134.228':139
'21#.#09.247.105':139
'21#.#09.37.140':139
'21#.#09.200.80':139
'21#.#09.212.235':139
'21#.#09.176.193':139
'21#.#09.249.199':139
'21#.#09.41.249':139
'21#.#09.95.159':139
'21#.#09.99.48':139
'21#.#09.105.124':139
'21#.#09.29.249':139
'21#.#09.223.172':139
'21#.#09.48.11':139
'21#.#09.124.180':139
'21#.#09.114.186':139
'21#.#09.135.30':139
'21#.#09.202.178':139
'21#.#09.100.107':139
'21#.#09.168.57':139
'21#.#09.64.88':139
'21#.#09.24.57':139
'21#.#09.107.191':139
'21#.#09.29.162':139
'21#.#09.17.161':139
'21#.#09.188.44':139
'21#.#09.13.234':139
'21#.#09.191.73':139
'21#.#09.253.118':139
'21#.#09.197.92':139
'21#.#09.84.20':139
'21#.#09.82.193':139
'21#.#09.220.230':139
'21#.#09.43.89':139
'21#.#09.88.43':139
'21#.#09.183.117':139
'21#.#09.88.184':139
'21#.#09.124.249':9988
'21#.#09.29.162':9988
'21#.#09.191.11':9988
'21#.#09.234.238':9988
'21#.#09.251.253':9988
'21#.#09.17.161':9988
'21#.#09.249.85':9988
'21#.#09.110.15':9988
'21#.#09.13.234':9988
'21#.#09.183.117':9988
'21#.#09.99.48':9988
'21#.#09.85.177':9988
'21#.#09.200.80':9988
'21#.#09.41.249':9988
'21#.#09.105.124':9988
'21#.#09.113.173':9988
'21#.#09.82.193':9988
'21#.#09.88.43':9988
'21#.#09.188.44':9988
'21#.#09.48.11':9988
'21#.#09.135.30':9988
'21#.#09.95.159':9988
'21#.#09.88.184':9988
'21#.#09.223.172':9988
'21#.#09.84.20':9988
'21#.#09.24.42':139
'21#.#09.176.193':9988
'21#.#09.247.105':9988
'21#.#09.253.118':9988
'21#.#09.64.88':9988
'21#.#09.24.57':9988
'21#.#09.100.107':9988
'21#.#09.29.222':9988
'21#.#09.133.234':9988
'21#.#09.176.68':9988
'21#.#09.249.199':9988
'21#.#09.168.57':9988
'21#.#09.32.12':9988
'21#.#09.212.235':9988
'21#.#09.249.85':445
'21#.#09.188.44':445
'21#.#09.17.161':445
'21#.#09.133.234':445
'21#.#09.124.249':445
'21#.#09.29.222':445
'21#.#09.251.253':445
'21#.#09.113.173':445
'21#.#09.191.11':445
'21#.#09.13.234':445
'21#.#09.191.73':445
'21#.#09.88.43':445
'21#.#09.37.140':445
'21#.#09.64.88':445
'21#.#09.24.57':445
'21#.#09.107.191':445
'21#.#09.85.177':445
'21#.#09.168.57':445
'21#.#09.100.107':445
'21#.#09.220.230':9988
'21#.#09.37.140':9988
'21#.#09.43.89':9988
'21#.#09.134.228':9988
'21#.#09.29.249':9988
'21#.#09.114.186':9988
'21#.#09.19.148':9988
'21#.#09.124.180':9988
'21#.#09.191.73':9988
'21#.#09.197.92':9988
'21#.#09.29.162':445
'21#.#09.110.15':445
'21#.#09.247.234':445
'21#.#09.32.12':445
'21#.#09.176.68':445
'21#.#09.202.178':9988
'21#.#09.107.191':9988
'21#.#09.234.238':445
'21#.#09.247.234':9988

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней