Trojan.DownLoader26.51191

Added to the Dr.Web virus database: 2018-06-16

Description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
Malicious functions:
To bypass the firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Modifies file system:
Creates the following files:
  • C:\lsass.exe
  • <Full path to file>
Network activity:
Connects to:
TCP:
HTTP POST requests:
UDP:
  • DNS ASK 14#.###.26031.ht00000073
Miscellaneous:
Creates and executes the following:
  • 'C:\lsass.exe' exe <Full path to file>
  • '<Full path to file>' force

Curing recommendations

  1. If the operating system can boot (normally or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light anti-virus for macOS. This product can be downloaded from the official Apple App Store site.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; for details, consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
