ПОЛЬЗОВАТЕЛЯМ

Закрыть

Поиск

Поиск

Поддержка
Круглосуточная поддержка

Напишите

Запрос через форму

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Напишите

Задать вопрос в поддержку

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

BY

RU CN DE EN ES FR IT JP KZ UZ PL BY
Закрыть
Сервисы
Сканеры
Dr.Web vxCube
Демо
Экспертиза ВКИ
Вирусная библиотека
База знаний

Технологии

Термины

Обучение и просвещение

Мифы

Новости

Trojan.DownLoader23.50317

Добавлен в вирусную базу Dr.Web: 2017-01-28

Описание добавлено:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28457' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12106' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1902' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32447' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22244' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5892' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18319' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30745' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14394' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4190' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1967' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24532' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8180' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6683' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23100' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12897' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10674' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '470' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16887' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29313' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9818' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32382' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16031' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19110' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2758' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26169' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20607' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6934' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29498' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13147' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17072' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '721' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23285' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29563' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9222' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31786' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15435' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19360' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3009' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25573' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18709' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8506' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24922' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27356' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20672' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10468' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14719' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27210' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10859' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27275' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31136' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20932' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4581' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27025' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9307' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '25723' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '15520' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19445' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3094' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19510' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31937' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11595' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28011' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17808' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21733' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5382' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21798' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21148' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10944' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27361' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31286' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14934' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4731' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11009' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23436' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13232' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29649' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '806' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17222' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7019' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1457' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2042' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18459' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8321' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6033' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28597' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12246' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24737' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4395' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20812' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4461' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8386' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30950' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14599' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13883' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30299' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20096' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24021' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7670' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30234' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3745' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16171' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5968' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22384' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26309' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9958' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32522' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31851' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32161' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24886' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32586' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2272' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29392' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20350' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17461' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13541' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31965' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '879' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2922' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19654' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12379' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3389' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9602' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1742' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29879' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29944' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19740' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10558' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5206' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24086' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1110' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19180' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19690' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '12416' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10867' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '327' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16744' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6541' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24279' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13415' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11712' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29105' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21125' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4773' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23500' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18902' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8698' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14911' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29651' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29967' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31398' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9610' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21366' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22136' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30607' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28940' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3166' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '19247' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29947' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22216' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31368' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7184' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32437' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16086' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30475' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9807' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26224' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '9873' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14123' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '26549' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10198' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32763' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3920' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20336' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10133' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11510' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1306' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17723' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21648' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '5297' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27861' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1371' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '13798' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '3594' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20011' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23936' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7585' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '30149' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '16411' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17062' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '711' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '23275' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '21052' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '10849' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27265' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6924' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '11174' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '971' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '17387' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '29488' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4961' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '27526' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28903' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18699' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2348' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6208' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '22624' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '28837' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18764' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '31191' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '20987' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4636' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8561' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '24977' = '<Full path to file>'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '14774' = '<Full path to file>'
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Executes the following:
  • 'C:\lsass.exe' exe <Full path to file>
Modifies file system:
Creates the following files:
  • C:\lsass.exe
Network activity:
Connects to:
  • '84.##8.198.129':3128
  • '79.##2.82.233':3128
  • '84.##0.49.72':3128
  • '78.#8.23.20':3128
  • '20#.#31.186.98':3128
  • '77.#48.49.9':3128
  • '81.##0.210.162':3128
  • '95.#5.143.5':3128
  • '93.##4.48.144':3128
  • '89.#3.29.65':3128
  • '79.##8.128.156':3128
  • '89.##.151.49':3128
  • '81.##.244.227':3128
  • '92.#3.25.11':3128
  • '78.#3.71.68':3128
  • '24.##1.13.11':3128
  • '88.##6.109.207':3128
  • '88.##6.21.64':3128
  • '78.##.13.101':3128
  • '86.##1.168.70':3128
  • '79.##5.135.107':3128
  • '19#.#6.201.92':3128
  • '86.##7.8.127':3128
  • '89.##3.129.12':3128
  • '86.##2.65.81':3128
  • '20#.#42.123.167':3128
  • '77.#8.37.43':3128
  • '19#.#7.191.83':3128
  • '81.##2.186.240':3128
  • '80.##0.29.111':3128
  • '88.##4.158.30':3128
  • '24.##3.68.216':3128
  • '20#.#4.195.242':3128
  • '85.#5.5.224':3128
  • '78.##.187.223':3128
  • '82.##4.121.182':3128
  • '94.##0.163.13':3128
  • '86.##6.42.38':3128
  • '85.##.215.24':3128
  • '89.##7.223.179':3128
  • '78.##.214.119':3128
  • '82.##9.64.61':3128
  • '19#.#6.170.247':3128
  • '87.#9.66.85':3128
  • '89.##.200.80':3128
  • '89.##8.244.109':3128
  • '95.##1.76.208':3128
  • '77.##.194.210':3128
  • '19#.#6.56.94':3128
  • '19#.#84.44.18':3128
  • '66.##0.96.64':3128
  • '94.##1.36.144':3128
  • '21#.#42.72.166':3128
  • '19#.#6.240.229':3128
  • '78.##.125.29':3128
  • '78.#3.65.7':3128
  • '95.##4.89.51':3128
  • '86.#3.157.9':3128
  • '89.##5.80.149':3128
  • '77.##2.81.175':3128
  • '21#.#5.124.34':3128
  • '83.##1.105.189':3128
  • '21#.#43.70.81':3128
  • '67.##0.38.123':3128
  • '89.##5.38.160':3128
  • '88.##3.57.97':3128
  • '95.##.179.47':3128
  • '19#.#7.201.7':3128
  • '89.##.246.40':3128
  • '89.##.246.232':3128
  • '21#.#34.6.228':3128
  • '81.##0.98.254':3128
  • '85.##7.169.177':3128
  • '85.##0.110.121':3128
  • '99.##6.134.64':3128
  • '92.##5.249.205':3128
  • '88.##6.17.13':3128
  • '89.##2.103.153':3128
  • '95.##4.44.71':3128
  • '89.##5.212.210':3128
  • '85.#7.2.95':3128
  • '21#.#0.222.59':3128
  • '89.##.231.221':3128
  • '62.##1.152.90':3128
  • '89.##.249.95':3128
  • '87.##1.122.102':3128
  • '89.##.204.162':3128
  • '86.##5.197.46':3128
  • '20#.#1.105.100':3128
  • '19#.#3.91.155':3128
  • '89.##7.66.162':3128
  • '88.##6.154.35':3128
  • '89.##.73.148':3128
  • '79.#39.0.32':3128
  • '78.##.51.194':3128
  • '92.##5.184.157':3128
  • '21#.#6.140.181':3128
  • '59.##.239.197':3128
  • '77.##9.25.140':3128
  • '20#.82.33.1':3128
  • 'localhost':3
  • '21#.#04.96.180':3128
  • '91.##.69.223':3128
  • '94.##0.210.75':3128
  • '89.##.140.72':3128
  • '89.##.210.166':3128
  • '93.##3.47.104':3128
  • '19#.#7.71.101':3128
  • '82.##6.228.62':3128
  • '83.##5.175.196':3128
  • '79.#0.98.34':3128
  • '19#.#7.70.235':3128
  • '85.#5.20.84':3128
  • '94.##2.80.61':3128
  • '94.##2.2.176':3128
  • '82.##1.195.46':3128
  • '85.##9.136.178':3128
  • '19#.#5.178.57':3128
  • '88.##3.149.23':3128
  • '65.##.113.221':3128
  • '89.##6.166.36':3128
  • '84.##.152.85':3128
  • '20#.#.14.144':3128
  • '86.##2.65.36':3128
  • '93.##3.183.141':3128
  • '19#.#9.97.28':3128
  • '93.##5.121.169':3128
  • '64.#6.51.27':3128
  • '19#.#5.238.98':3128
  • '82.##2.146.90':3128
  • '80.##.90.181':3128
  • '79.##9.48.211':3128
  • '87.##0.191.77':3128
  • '77.##.224.13':3128
  • '20#.#41.194.137':3128
  • '85.##.196.109':3128
  • '89.##.96.111':3128
  • '89.##.56.142':3128
  • '87.##0.81.241':3128
  • '78.##.94.112':3128
  • '95.##.248.19':3128
  • '21#.#10.10.154':3128
  • '85.#7.2.164':3128
  • '20#.#10.218.121':3128
  • '89.##0.71.27':3128
  • '77.##.63.169':3128
  • '78.#0.40.95':3128
  • '94.#6.61.16':3128
  • '89.##5.69.248':3128
  • '65.##.103.110':3128
  • '88.##2.11.164':3128
  • '21#.#67.4.208':3128
  • '89.##5.102.133':3128
  • '84.##7.21.73':3128
  • '85.##8.61.184':3128
  • '19#.#8.222.77':3128
  • '20#.#7.207.94':3128
  • '19#.#7.185.109':3128
  • '89.##3.228.187':3128
  • '86.##7.230.165':3128
  • '88.##4.19.39':3128
  • '94.##8.100.237':3128
  • '86.##6.214.14':3128
  • '92.##5.57.228':3128
  • '82.##3.148.199':3128
  • '66.##.113.90':3128
  • '94.##0.27.69':3128
  • '20#.#08.124.27':3128
  • '92.##4.122.161':3128
  • '78.##.226.90':3128
  • '82.##.71.245':3128
  • '95.##5.74.112':3128
  • '77.##.10.109':3128
  • '89.##8.27.76':3128
  • '85.##6.24.122':3128
  • '77.##.242.162':3128
  • '81.##.237.207':3128
  • '85.##.54.190':3128
  • '24.##.179.226':3128
  • '20#.#2.173.244':3128
  • '89.##.96.203':3128
  • '19#.#99.71.211':3128
  • '19#.#10.41.194':3128
  • '82.##.110.189':3128
  • '87.##8.31.228':3128
  • '82.##5.65.226':3128
  • '89.##.170.114':3128
  • '89.##9.131.61':3128
  • '89.##5.186.233':3128
  • '87.##1.26.10':3128
  • '21#.#13.242.249':3128
  • '86.##2.176.149':3128
  • '88.##9.142.24':3128
  • '78.##.134.80':3128
  • '89.##.84.247':3128
  • '78.##.183.96':3128
  • '82.##4.121.252':3128
  • '80.#40.9.22':3128
  • '77.##1.107.150':3128
  • '93.##7.179.67':3128
  • '85.##3.229.132':3128
  • '95.##4.25.120':3128
  • '22#.#3.79.36':3128
  • '62.##9.108.253':3128
  • '78.##.161.92':3128
  • '86.##7.244.21':3128
  • '81.##.243.145':3128
  • '93.##4.149.148':3128
  • '89.##1.88.61':3128
  • '93.##5.62.162':3128
  • '78.#4.94.57':3128
  • '95.##4.57.160':3128
  • '82.#9.87.66':3128
  • '82.##.244.191':3128
  • '20#.#32.79.74':3128
  • '94.##6.73.229':3128
  • '84.##1.228.19':3128
  • '86.##6.70.10':3128
  • '85.#7.70.81':3128
  • '89.##.92.121':3128
  • '78.##9.172.151':3128
  • '95.##4.15.177':3128
  • '77.##0.128.227':3128
  • '85.##.35.246':3128
  • '95.##.234.90':3128
  • '87.##.219.200':3128
  • '85.##7.161.146':3128
  • '77.##9.15.42':3128
  • '87.##1.88.225':3128
  • '89.##5.183.10':3128
  • '87.##6.133.225':3128
  • '89.#7.139.2':3128
  • '61.##.142.64':3128
  • '84.##.157.33':3128
  • '93.##.209.115':3128
  • '68.##1.35.204':3128
  • '20#.#74.220.109':3128
  • '66.##9.154.228':3128
  • '21#.#1.224.139':3128
  • '20#.#60.198.123':3128
  • '78.##.173.86':3128
  • '94.##4.251.102':3128
  • '89.#7.80.47':3128
  • '78.##9.181.129':3128
  • '78.##9.158.45':3128
  • '82.##9.227.107':3128
  • '24.##.42.198':3128
  • '93.##3.87.174':3128
  • '89.##1.9.132':3128
  • '78.##.203.15':3128
  • '89.##.237.194':3128
  • '88.##1.165.236':3128
  • '77.#1.12.40':3128
  • '85.##.165.64':3128
  • '89.##.58.226':3128
  • '81.##.229.60':3128
  • '89.#8.18.52':3128
  • '19#.#13.131.137':3128
  • '93.##4.127.147':3128
  • '90.##1.62.225':3128
  • '88.##6.115.210':3128
  • '84.##.72.249':3128
  • '86.##0.188.39':3128
  • '95.##4.14.172':3128
  • '88.##6.52.149':3128
  • '90.##9.156.86':3128
  • '89.##.62.113':3128
  • '78.##.212.193':3128
  • '86.##5.193.73':3128
  • '79.##9.88.158':3128
  • '19#.#08.74.169':3128
  • '85.##.248.60':3128
  • '21#.#47.44.177':3128
  • '86.##7.17.218':3128
  • '94.##0.137.33':3128
  • '21#.#7.152.251':3128
  • '83.##.199.159':3128
  • '91.##.240.214':3128
  • '94.##3.76.221':3128
  • '72.##2.234.181':3128
  • '70.##.209.65':3128
  • '84.##.176.211':3128
  • '86.##6.70.157':3128
  • '41.##7.136.116':3128
  • '91.##7.214.91':3128
  • '82.##4.193.130':3128
  • '81.##.251.229':3128
  • '85.##.154.175':3128
  • '78.##.144.42':3128
  • '20#.#48.53.132':3128
  • '89.##9.62.107':3128
  • '89.##6.52.69':3128
  • '95.#5.191.8':3128
  • '66.##8.18.139':3128
  • '92.##5.117.9':3128
  • '80.##.10.227':3128
  • '78.##.161.61':3128
  • '60.##3.177.246':3128
  • '86.##6.93.160':3128
  • '86.##.136.211':3128
  • '78.##.115.72':3128
TCP:
HTTP POST requests:
  • http://77.##.63.169/+3749.html
  • http://89.##5.69.248/+3749.html
  • http://85.#7.2.164/+3749.html
  • http://89.##0.71.27/+3749.html
  • http://21#.#10.10.154/+3749.html
  • http://65.##.103.110/+3749.html
  • http://85.##.196.109/+3749.html
  • http://87.##0.191.77/+3749.html
  • http://20#.#41.194.137/+3749.html
  • http://78.#0.40.95/+3749.html
  • http://94.#6.61.16/+3749.html
  • http://20#.#10.218.121/+3749.html
  • http://94.##2.80.61/+3749.html
  • http://94.##2.2.176/+3749.html
  • http://85.##9.136.178/+3749.html
  • http://19#.#5.238.98/+3749.html
  • http://82.##1.195.46/+3749.html
  • http://19#.#5.178.57/+3749.html
  • http://65.##.113.221/+3749.html
  • http://79.##9.48.211/+3749.html
  • http://88.##3.149.23/+3749.html
  • http://89.##6.166.36/+3749.html
  • http://84.##.152.85/+3749.html
  • http://89.##7.66.162/+3749.html
  • http://89.##2.103.153/+3749.html
  • http://19#.#3.91.155/+3749.html
  • http://88.##6.154.35/+3749.html
  • http://89.##.73.148/+3749.html
  • http://95.##4.44.71/+3749.html
  • http://89.##.231.221/+3749.html
  • http://62.##1.152.90/+3749.html
  • http://89.##5.212.210/+3749.html
  • http://92.##5.249.205/+3749.html
  • http://88.##6.17.13/+3749.html
  • http://20#.#1.105.100/+3749.html
  • http://95.##.248.19/+3749.html
  • http://89.##.56.142/+3749.html
  • http://78.##.94.112/+3749.html
  • http://77.##.224.13/+3749.html
  • http://89.##.96.111/+3749.html
  • http://87.##0.81.241/+3749.html
  • http://89.##.249.95/+3749.html
  • http://87.##1.122.102/+3749.html
  • http://86.##5.197.46/+3749.html
  • http://85.#5.20.84/+3749.html
  • http://89.##.204.162/+3749.html
  • http://64.#6.51.27/+3749.html
  • http://20#.#31.186.98/+3749.html
  • http://95.#5.143.5/+3749.html
  • http://79.##2.82.233/+3749.html
  • http://78.#8.23.20/+3749.html
  • http://84.##8.198.129/+3749.html
  • http://93.##4.48.144/+3749.html
  • http://88.##4.158.30/+3749.html
  • http://24.##3.68.216/+3749.html
  • http://78.##.13.101/+3749.html
  • http://77.#48.49.9/+3749.html
  • http://81.##0.210.162/+3749.html
  • http://84.##0.49.72/+3749.html
  • http://81.##.244.227/+3749.html
  • http://89.#3.29.65/+3749.html
  • http://89.##.151.49/+3749.html
  • http://67.##0.38.123/+3749.html
  • http://86.##6.42.38/+3749.html
  • http://79.##8.128.156/+3749.html
  • http://78.#3.71.68/+3749.html
  • http://24.##1.13.11/+3749.html
  • http://88.##6.21.64/+3749.html
  • http://92.#3.25.11/+3749.html
  • http://88.##6.109.207/+3749.html
  • http://20#.#42.123.167/+3749.html
  • http://93.##3.183.141/+3749.html
  • http://86.##2.65.81/+3749.html
  • http://77.#8.37.43/+3749.html
  • http://19#.#7.191.83/+3749.html
  • http://19#.#9.97.28/+3749.html
  • http://82.##2.146.90/+3749.html
  • http://80.##.90.181/+3749.html
  • http://93.##5.121.169/+3749.html
  • http://86.##2.65.36/+3749.html
  • http://20#.#.14.144/+3749.html
  • http://89.##3.129.12/+3749.html
  • http://82.##4.121.182/+3749.html
  • http://94.##0.163.13/+3749.html
  • http://20#.#4.195.242/+3749.html
  • http://81.##2.186.240/+3749.html
  • http://80.##0.29.111/+3749.html
  • http://85.#5.5.224/+3749.html
  • http://86.##1.168.70/+3749.html
  • http://79.##5.135.107/+3749.html
  • http://86.##7.8.127/+3749.html
  • http://78.##.187.223/+3749.html
  • http://19#.#6.201.92/+3749.html
  • http://85.#7.2.95/+3749.html
  • http://20#.82.33.1/+16385.html
  • http://84.##.176.211/+16385.html
  • http://91.##.69.223/+16385.html
  • http://86.##7.244.21/+16385.html
  • http://78.#3.65.7/+16385.html
  • http://92.##5.117.9/+16385.html
  • http://20#.#48.53.132/+16385.html
  • http://78.##.214.119/+16385.html
  • http://82.##3.148.199/+16385.html
  • http://82.##5.65.226/+16385.html
  • http://89.##5.183.10/+16385.html
  • http://77.##0.128.227/+16385.html
  • http://79.#39.0.32/+16385.html
  • http://21#.#0.222.59/+16385.html
  • http://85.#7.2.164/+16385.html
  • http://78.##.125.29/+16385.html
  • http://19#.#3.91.155/+16385.html
  • http://94.##8.100.237/+16385.html
  • http://82.##.110.189/+16385.html
  • http://21#.#47.44.177/+16385.html
  • http://60.##3.177.246/+16385.html
  • http://87.##0.191.77/+16385.html
  • http://20#.#60.198.123/+16385.html
  • http://88.##6.52.149/+16385.html
  • http://93.##5.62.162/+16385.html
  • http://84.##0.49.72/+16385.html
  • http://21#.#67.4.208/+16385.html
  • http://95.##4.15.177/+16385.html
  • http://93.##.209.115/+16385.html
  • http://94.##4.251.102/+16385.html
  • http://86.##6.214.14/+16385.html
  • http://84.##.157.33/+16385.html
  • http://91.##7.214.91/+16385.html
  • http://20#.#.14.144/+16385.html
  • http://19#.#7.70.235/+16385.html
  • http://89.##.246.40/+16385.html
  • http://78.##.203.15/+16385.html
  • http://24.##3.68.216/+16385.html
  • http://86.##6.70.157/+16385.html
  • http://89.##5.69.248/+16385.html
  • http://89.##5.102.133/+16385.html
  • http://84.##.72.249/+16385.html
  • http://62.##9.108.253/+16385.html
  • http://78.##9.172.151/+16385.html
  • http://94.#6.61.16/+16385.html
  • http://77.##.194.210/+16385.html
  • http://82.##.244.191/+16385.html
  • http://77.##9.25.140/+3749.html
  • http://21#.#04.96.180/+3749.html
  • http://92.##5.184.157/+3749.html
  • http://59.##.239.197/+3749.html
  • http://78.##.51.194/+3749.html
  • http://91.##.69.223/+3749.html
  • http://93.##4.149.148/+16385.html
  • http://80.##0.29.111/+16385.html
  • http://86.#3.157.9/+16385.html
  • http://20#.82.33.1/+3749.html
  • http://21#.#5.124.34/+3749.hhttp://22281988.22281988.4243016.0:3128http://212.55.124.34:3128/+3749.hhttp://22281988.2228198 ��|�
  • http://21#.#6.140.181/+3749.html
  • http://93.##3.47.104/+3749.html
  • http://94.##0.210.75/+3749.html
  • http://89.##.210.166/+3749.html
  • http://21#.#0.222.59/+3749.html
  • http://79.#39.0.32/+3749.html
  • http://89.##.140.72/+3749.html
  • http://82.##6.228.62/+3749.html
  • http://83.##5.175.196/+3749.html
  • http://19#.#7.70.235/+3749.html
  • http://19#.#7.71.101/+3749.html
  • http://79.#0.98.34/+3749.html
  • http://79.##8.128.156/+16385.html
  • http://21#.#7.152.251/+16385.html
  • http://85.#5.20.84/+16385.html
  • http://93.##4.48.144/+16385.html
  • http://93.##5.121.169/+16385.html
  • http://86.##2.176.149/+16385.html
  • http://85.##.165.64/+16385.html
  • http://81.##0.98.254/+16385.html
  • http://82.##4.121.182/+16385.html
  • http://81.##.243.145/+16385.html
  • http://82.##2.146.90/+16385.html
  • http://95.##4.25.120/+16385.html
  • http://77.##.63.169/+16385.html
  • http://92.##4.122.161/+16385.html
  • http://86.##7.8.127/+16385.html
  • http://68.##1.35.204/+16385.html
  • http://89.##7.66.162/+16385.html
  • http://24.##1.13.11/+16385.html
  • http://21#.#5.124.34/+16385.html
  • http://89.##5.38.160/+16385.html
  • http://89.##.237.194/+16385.html
  • http://81.##.229.60/+16385.html
  • http://88.##3.149.23/+16385.html
  • http://89.##.170.114/+3749.html
  • http://89.##9.131.61/+3749.html
  • http://82.##.110.189/+3749.html
  • http://20#.#2.173.244/+3749.html
  • http://89.##.96.203/+3749.html
  • http://87.##8.31.228/+3749.html
  • http://82.##.71.245/+3749.html
  • http://95.##5.74.112/+3749.html
  • http://89.##8.27.76/+3749.html
  • http://82.##5.65.226/+3749.html
  • http://77.##.10.109/+3749.html
  • http://19#.#10.41.194/+3749.html
  • http://89.##5.102.133/+3749.html
  • http://19#.#8.222.77/+3749.html
  • http://21#.#67.4.208/+3749.html
  • http://85.##8.61.184/+3749.html
  • http://92.##4.122.161/+3749.html
  • http://20#.#7.207.94/+3749.html
  • http://89.##3.228.187/+3749.html
  • http://19#.#99.71.211/+3749.html
  • http://86.##7.230.165/+3749.html
  • http://19#.#7.185.109/+3749.html
  • http://78.##.226.90/+3749.html
  • http://88.##6.52.149/+3749.html
  • http://89.##.62.113/+3749.html
  • http://78.##.212.193/+3749.html
  • http://94.##3.76.221/+3749.html
  • http://72.##2.234.181/+3749.html
  • http://90.##9.156.86/+3749.html
  • http://79.##9.88.158/+3749.html
  • http://19#.#08.74.169/+3749.html
  • http://21#.#47.44.177/+3749.html
  • http://86.##5.193.73/+3749.html
  • http://85.##.248.60/+3749.html
  • http://84.##.176.211/+3749.html
  • http://77.##.242.162/+3749.html
  • http://81.##.237.207/+3749.html
  • http://24.##.179.226/+3749.html
  • http://85.##6.24.122/+3749.html
  • http://85.##.54.190/+3749.html
  • http://21#.#7.152.251/+3749.html
  • http://91.##.240.214/+3749.html
  • http://70.##.209.65/+3749.html
  • http://94.##0.137.33/+3749.html
  • http://83.##.199.159/+3749.html
  • http://86.##7.17.218/+3749.html
  • http://84.##7.21.73/+3749.html
  • http://78.##.134.80/+3749.html
  • http://78.##.183.96/+3749.html
  • http://80.#40.9.22/+3749.html
  • http://82.##4.121.252/+3749.html
  • http://87.##1.26.10/+3749.html
  • http://89.##.84.247/+3749.html
  • http://85.#7.70.81/+3749.html
  • http://77.##0.128.227/+3749.html
  • http://87.##.219.200/+3749.html
  • http://93.##4.149.148/+3749.html
  • http://86.##6.70.10/+3749.html
  • http://21#.#13.242.249/+3749.html
  • http://81.##.243.145/+3749.html
  • http://62.##9.108.253/+3749.html
  • http://22#.#3.79.36/+3749.html
  • http://77.##1.107.150/+3749.html
  • http://93.##7.179.67/+3749.html
  • http://78.##.161.92/+3749.html
  • http://95.##4.25.120/+3749.html
  • http://86.##7.244.21/+3749.html
  • http://88.##9.142.24/+3749.html
  • http://85.##3.229.132/+3749.html
  • http://86.##2.176.149/+3749.html
  • http://78.##9.172.151/+3749.html
  • http://92.##5.57.228/+3749.html
  • http://86.##6.214.14/+3749.html
  • http://20#.#32.79.74/+3749.html
  • http://89.##5.186.233/+3749.html
  • http://88.##4.19.39/+3749.html
  • http://66.##.113.90/+3749.html
  • http://94.##0.27.69/+3749.html
  • http://94.##8.100.237/+3749.html
  • http://82.##3.148.199/+3749.html
  • http://20#.#08.124.27/+3749.html
  • http://82.##.244.191/+3749.html
  • http://95.##.234.90/+3749.html
  • http://85.##.35.246/+3749.html
  • http://95.##4.15.177/+3749.html
  • http://94.##6.73.229/+3749.html
  • http://89.##.92.121/+3749.html
  • http://78.#4.94.57/+3749.html
  • http://82.#9.87.66/+3749.html
  • http://84.##1.228.19/+3749.html
  • http://93.##5.62.162/+3749.html
  • http://95.##4.57.160/+3749.html
  • http://89.##1.88.61/+3749.html
  • http://92.##5.117.9/+3749.html
  • http://78.##.125.29/+3749.html
  • http://78.#3.65.7/+3749.html
  • http://94.##1.36.144/+3749.html
  • http://77.##.194.210/+3749.html
  • http://19#.#6.56.94/+3749.html
  • http://21#.#42.72.166/+3749.html
  • http://85.##.215.24/+3749.html
  • http://89.##7.223.179/+3749.html
  • http://82.##9.64.61/+3749.html
  • http://19#.#6.240.229/+3749.html
  • http://78.##.214.119/+3749.html
  • http://66.##0.96.64/+3749.html
  • http://24.##.42.198/+3749.html
  • http://78.##.203.15/+3749.html
  • http://82.##9.227.107/+3749.html
  • http://88.##6.115.210/+3749.html
  • http://89.##1.9.132/+3749.html
  • http://77.#1.12.40/+3749.html
  • http://88.##2.11.164/+3749.html
  • http://19#.#84.44.18/+3749.html
  • http://88.##1.165.236/+3749.html
  • http://85.##.165.64/+3749.html
  • http://89.##.237.194/+3749.html
  • http://77.##2.81.175/+3749.html
  • http://21#.#5.124.34/+3749.html
  • http://85.##7.169.177/+3749.html
  • http://99.##6.134.64/+3749.html
  • http://81.##0.98.254/+3749.html
  • http://86.#3.157.9/+3749.html
  • http://88.##3.57.97/+3749.html
  • http://21#.#43.70.81/+3749.html
  • http://89.##5.38.160/+3749.html
  • http://89.##5.80.149/+3749.html
  • http://83.##1.105.189/+3749.html
  • http://85.##0.110.121/+3749.html
  • http://89.##.200.80/+3749.html
  • http://87.#9.66.85/+3749.html
  • http://95.##1.76.208/+3749.html
  • http://19#.#6.170.247/+3749.html
  • http://89.##8.244.109/+3749.html
  • http://95.##4.89.51/+3749.html
  • http://19#.#7.201.7/+3749.html
  • http://21#.#34.6.228/+3749.html
  • http://95.##.179.47/+3749.html
  • http://89.##.246.40/+3749.html
  • http://89.##.246.232/+3749.html
  • http://93.##3.87.174/+3749.html
  • http://89.##6.52.69/+3749.html
  • http://78.##.144.42/+3749.html
  • http://89.##9.62.107/+3749.html
  • http://91.##7.214.91/+3749.html
  • http://85.##.154.175/+3749.html
  • http://20#.#48.53.132/+3749.html
  • http://68.##1.35.204/+3749.html
  • http://20#.#74.220.109/+3749.html
  • http://21#.#1.224.139/+3749.html
  • http://95.##4.14.172/+3749.html
  • http://66.##9.154.228/+3749.html
  • http://41.##7.136.116/+3749.html
  • http://66.##8.18.139/+3749.html
  • http://78.##.161.61/+3749.html
  • http://95.#5.191.8/+3749.html
  • http://86.##6.70.157/+3749.html
  • http://80.##.10.227/+3749.html
  • http://86.##.136.211/+3749.html
  • http://60.##3.177.246/+3749.html
  • http://81.##.251.229/+3749.html
  • http://82.##4.193.130/+3749.html
  • http://78.##.115.72/+3749.html
  • http://86.##6.93.160/+3749.html
  • http://89.#8.18.52/+3749.html
  • http://19#.#13.131.137/+3749.html
  • http://78.##9.158.45/+3749.html
  • http://89.#7.139.2/+3749.html
  • http://61.##.142.64/+3749.html
  • http://89.##.58.226/+3749.html
  • http://86.##0.188.39/+3749.html
  • http://90.##1.62.225/+3749.html
  • http://84.##.72.249/+3749.html
  • http://93.##4.127.147/+3749.html
  • http://81.##.229.60/+3749.html
  • http://93.##.209.115/+3749.html
  • http://78.##.173.86/+3749.html
  • http://94.##4.251.102/+3749.html
  • http://78.##9.181.129/+3749.html
  • http://20#.#60.198.123/+3749.html
  • http://89.#7.80.47/+3749.html
  • http://87.##1.88.225/+3749.html
  • http://87.##6.133.225/+3749.html
  • http://84.##.157.33/+3749.html
  • http://85.##7.161.146/+3749.html
  • http://89.##5.183.10/+3749.html
  • http://77.##9.15.42/+3749.html

Рекомендации по лечению

  1. В случае если операционная система способна загрузиться (в штатном режиме или режиме защиты от сбоев), скачайте лечащую утилиту Dr.Web CureIt! и выполните с ее помощью полную проверку вашего компьютера, а также используемых вами переносных носителей информации.
  2. Если загрузка операционной системы невозможна, измените настройки BIOS вашего компьютера, чтобы обеспечить возможность загрузки ПК с компакт-диска или USB-накопителя. Скачайте образ аварийного диска восстановления системы Dr.Web® LiveDisk или утилиту записи Dr.Web® LiveDisk на USB-накопитель, подготовьте соответствующий носитель. Загрузив компьютер с использованием данного носителя, выполните его полную проверку и лечение обнаруженных угроз.
Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Выполните полную проверку системы с использованием Антивируса Dr.Web Light для macOS. Данный продукт можно загрузить с официального сайта Apple App Store.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Скачать Dr.Web с Apple Store

На загруженной ОС выполните полную проверку всех дисковых разделов с использованием продукта Антивирус Dr.Web для Linux.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке

Скачать с сайта
Скачать с Google Play