Техническая информация
Для обеспечения автозапуска и распространения:
Создает или изменяет следующие файлы:
- %WINDIR%\Tasks\SA.DAT
Вредоносные функции:
Запускает на исполнение:
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\dumprep.exe' 1132 -dm 7 7 %TEMP%\WER5c1e.dir00\svchost.exe.mdmp 16325836412029208
Изменения в файловой системе:
Создает следующие файлы:
- %CommonProgramFiles%\Microsoft Shared\Stationery\bcwvzwbh.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\czjevcet.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\qjllsjhl.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\vkjljzrn.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\bhrhnkht.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\xrljqjzn.exe
Сетевая активность:
Подключается к:
- '59.##3.5.185':139
- '59.##3.120.5':139
- '59.##3.177.104':139
- '59.##3.184.177':139
- '59.##3.87.143':139
- '59.##3.22.75':139
- '59.##3.27.26':139
- '59.##3.150.188':139
- '59.##3.226.168':139
- '59.##3.6.227':139
- '59.##3.74.167':139
- '59.##3.168.74':139
- '59.##3.68.108':139
- '59.##3.178.91':139
- '59.##3.181.7':139
- '59.##3.108.238':139
- '59.##3.152.197':139
- '59.##3.139.155':139
- '59.##3.113.124':139
- '59.##3.12.145':445
- '59.##3.184.146':445
- '59.##3.191.180':445
- '59.##3.237.13':445
- '59.##3.29.80':445
- '59.##3.12.145':139
- '59.##3.242.174':139
- '59.##3.21.51':139
- '59.##3.183.120':139
- '59.##3.11.245':139
- '59.##3.221.33':139
- '59.##3.174.183':139
- '59.##3.121.119':139
- '59.##3.45.173':139
- '59.##3.196.73':445
- '59.##3.45.243':9988
- '59.##3.190.25':445
- '59.##3.12.204':445
- '59.##3.29.80':139
- '59.##3.184.146':139
- '59.##3.42.158':9988
- '59.##3.237.13':139
- '59.##3.26.89':445
- '59.##3.14.187':445
- '59.##3.66.123':445
- '59.##3.66.108':445
- '59.##3.58.198':445
- '59.##3.64.250':445
- '59.##3.32.61':445
- '59.##3.157.210':445
- '59.##3.52.157':139
- '59.##3.83.99':139
- '59.##3.124.227':139
- '59.#03.67.1':139
- '59.##3.82.195':139
- '59.##3.64.85':139
- '59.##3.161.111':139
- '59.##3.237.160':139
- '59.##3.211.82':139
- '59.##3.205.234':139
- '59.##3.191.180':139
- '59.##3.12.93':139
- '59.#03.1.26':139
- '59.##3.227.40':139
- '59.##3.130.206':139
- '59.#03.81.2':139
- '59.##3.12.93':445
- '59.##3.187.214':139
- '59.##3.106.187':139
- '59.##3.158.139':139
- '59.##3.218.37':139
- '59.##3.218.37':445
- '59.##3.187.214':445
- '59.##3.189.106':139
- '59.##3.158.139':445
- '59.##3.21.51':445
- '59.##3.221.33':445
- '59.##3.121.119':445
- '59.##3.174.183':445
- '59.##3.152.197':445
- '59.##3.139.155':445
- '59.##3.11.245':445
- '59.##3.113.124':445
- '59.##3.122.101':139
- '59.##3.0.150':139
- '59.##3.197.31':139
- '59.##3.197.215':139
- '59.##3.141.38':139
- '59.##3.83.153':139
- '59.##3.0.150':445
- '59.##3.54.73':139
- '59.##3.28.96':139
- '59.##3.103.236':139
- '59.##3.106.187':445
- '59.##3.189.106':445
- '59.##3.159.90':139
- '59.##3.22.42':139
- '59.##3.147.202':139
- '59.##3.39.149':139
- '59.##3.183.120':445
- '59.##3.161.111':445
- '59.##3.237.160':445
- '59.##3.52.157':445
- '59.##3.83.99':445
- '59.##3.45.173':445
- '59.##3.74.167':445
- '59.##3.82.195':445
- '59.##3.64.85':445
- '59.##3.130.206':445
- '59.#03.81.2':445
- '59.##3.211.82':445
- '59.##3.205.234':445
- '59.##3.124.227':445
- '59.#03.67.1':445
- '59.#03.1.26':445
- '59.##3.227.40':445
- '59.##3.120.5':445
- '59.##3.27.26':445
- '59.##3.184.177':445
- '59.##3.5.185':445
- '59.##3.22.75':445
- '59.##3.242.174':445
- '59.##3.150.188':445
- '59.##3.87.143':445
- '59.##3.6.227':445
- '59.##3.181.7':445
- '59.##3.168.74':445
- '59.##3.226.168':445
- '59.##3.178.91':445
- '59.##3.177.104':445
- '59.##3.108.238':445
- '59.##3.68.108':445
- '59.##3.28.190':445
- '59.##3.189.188':139
- '59.##3.156.106':139
- '59.##3.157.210':139
- '59.##3.244.44':139
- '59.##3.33.41':139
- '59.##3.196.73':139
- '59.##3.106.46':139
- '59.##3.191.248':139
- '59.##3.64.250':139
- '59.#03.85.3':139
- '59.##3.198.196':139
- '59.##3.25.80':139
- '59.##3.46.17':139
- '59.##3.194.22':139
- '59.##3.140.239':139
- '59.##3.11.112':139
- '59.##3.145.25':139
- '59.##3.250.50':139
- '59.##3.220.135':139
- '59.##3.14.187':139
- '59.##3.251.200':139
- '59.#03.1.43':139
- '59.##3.190.25':139
- '59.##3.28.190':139
- '59.##3.254.179':139
- '59.##3.196.198':139
- '59.##3.131.169':139
- '59.##3.12.204':139
- '59.##3.149.92':139
- '59.##3.58.198':139
- '59.##3.34.199':139
- '59.##3.246.28':139
- '59.##3.113.143':139
- '59.##3.42.158':139
- '59.##3.163.77':139
- '59.##3.206.189':139
- '59.##3.137.0':139
- '59.##3.195.220':139
- '59.##3.45.243':139
- '59.##3.146.238':139
- '59.##3.234.121':139
- '59.##3.158.23':139
- '59.##3.95.228':139
- '59.##3.170.125':139
- '59.##3.8.107':139
- '59.##3.120.243':139
- '59.##3.250.24':139
- '59.##3.72.111':139
- '59.##3.24.168':139
- '59.##3.54.34':139
- '59.##3.77.18':139
- '59.##3.46.246':139
- '59.##3.99.252':139
- '59.##3.108.74':139
- '59.##3.32.61':139
- '59.##3.61.13':139
- '59.##3.241.148':139
- '59.##3.106.217':139
- '59.##3.165.140':139
- '59.##3.87.39':139
- '59.##3.216.67':139
- '59.##3.121.225':139
- '59.##3.20.203':139
- '59.##3.245.201':139
- '59.##3.53.75':139
- '59.##3.75.102':139
- '59.##3.33.41':445
- '59.##3.194.22':445
- '59.#03.85.3':445
- '59.##3.46.17':445
- '59.##3.189.188':445
- '59.##3.244.44':445
- '59.##3.106.46':445
- '59.##3.46.246':445
- '59.##3.220.135':445
- '59.##3.54.34':445
- '59.##3.77.18':445
- '59.##3.149.92':445
- '59.##3.198.196':445
- '59.##3.25.80':445
- '59.##3.99.252':445
- '59.##3.61.13':445
- '59.##3.246.28':445
- '59.##3.250.50':445
- '59.##3.254.179':445
- '59.##3.34.199':445
- '59.##3.21.149':445
- '59.##3.13.29':445
- '59.##3.242.195':445
- '59.##3.196.198':445
- '59.##3.251.200':445
- '59.##3.131.169':445
- '59.##3.156.106':445
- '59.##3.140.239':445
- '59.#03.1.43':445
- '59.##3.191.248':445
- '59.##3.145.25':445
- '59.##3.75.102':445
- '59.##3.241.148':445
- '59.##3.8.107':445
- '59.##3.158.23':445
- '59.##3.72.111':445
- '59.##3.24.168':445
- '59.##3.206.189':445
- '59.##3.250.24':445
- '59.##3.95.228':445
- '59.##3.137.0':445
- '59.##3.21.149':139
- '59.##3.13.29':139
- '59.##3.66.123':139
- '59.##3.242.195':139
- '59.##3.170.125':445
- '59.##3.42.158':445
- '59.##3.26.89':139
- '59.##3.66.108':139
- '59.##3.245.201':445
- '59.##3.20.203':445
- '59.##3.106.217':445
- '59.##3.165.140':445
- '59.##3.113.143':445
- '59.##3.108.74':445
- '59.##3.53.75':445
- '59.##3.121.225':445
- '59.##3.163.77':445
- '59.##3.234.121':445
- '59.##3.146.238':445
- '59.##3.120.243':445
- '59.##3.45.243':445
- '59.##3.216.67':445
- '59.##3.195.220':445
- '59.##3.87.39':445
