Technical Information
To ensure autorun and distribution
Modifies the following registry keys
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14391' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27351' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24257' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16703' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21459' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24247' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14942' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15567' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '32516' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2341' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5440' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9474' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9574' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30038' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17742' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13401' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3365' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1718' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13190' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22177' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14217' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6777' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31071' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2641' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17634' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10611' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22809' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15983' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '376' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16185' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21560' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14739' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24351' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15252' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22797' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10714' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8951' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24040' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19699' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10089' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10916' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '888' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28794' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5538' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9775' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20013' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13907' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4922' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17016' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5434' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17423' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1917' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '32618' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2545' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20833' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28388' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28077' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31080' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24867' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9779' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25701' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5754' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6362' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '266' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8437' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3364' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8751' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30862' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '680' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18979' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9876' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8429' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1921' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6788' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '575' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14839' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6571' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13705' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4097' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13395' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17427' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12566' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1096' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20527' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11121' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7817' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14023' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28594' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4824' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30551' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31072' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28899' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8129' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11955' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4510' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8544' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23634' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12988' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22904' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2331' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30871' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22703' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15149' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26831' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6884' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8644' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3785' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7295' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2952' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24147' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27043' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4812' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19594' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20837' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18354' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17329' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6162' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1401' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22287' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17113' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22393' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12565' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8224' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9981' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8326' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27970' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18560' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '32208' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18664' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31282' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10083' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '783' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20941' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3161' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27974' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '32521' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20114' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30241' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13185' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8331' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6052' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23007' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8848' = '<Full path to file>'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17949' = '<Full path to file>'
Malicious functions
To bypass firewall, removes or modifies the following registry keys
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Modifies file system
Creates the following files
- C:\lsass.exe
Network activity
Connects to
- '18#.#.112.200':3128
- '19#.#1.164.93':3128
- '80.##.175.47':3128
- '59.##.187.191':3128
- '68.##2.84.184':3128
- '18#.19.1.2':3128
- '88.##6.139.9':3128
- '24.##1.27.53':3128
- '71.##3.57.202':3128
- '21#.#06.172.8':3128
- '12#.#36.145.233':3128
- '80.##.216.162':3128
- '11#.#93.99.156':3128
- '92.##8.214.50':3128
- '67.##3.168.135':3128
- '69.##6.87.254':3128
- '69.##8.238.218':3128
- '69.##8.255.138':3128
- '95.##3.32.223':3128
- '72.##1.127.98':3128
- '83.##3.164.227':3128
- '85.##6.185.251':3128
- '75.#.4.173':3128
- '19#.#35.3.233':3128
- '18#.#5.43.167':3128
- '84.##4.13.192':3128
- '17#.#9.167.7':3128
- '87.##7.40.149':3128
- '99.##3.208.73':3128
- '20#.#94.32.33':3128
- '71.##5.9.218':3128
- '99.##3.117.158':3128
- '83.##5.87.73':3128
- '70.##6.55.65':3128
- '20#.#36.227.56':3128
- '96.##.206.174':3128
- '59.#5.58.9':3128
- '96.#.109.140':3128
- '19#.#46.3.251':3128
- '74.#2.3.50':3128
- '24.##4.133.242':3128
- '68.#9.2.223':3128
- '68.##.171.45':3128
- '16#.#32.108.128':3128
- '94.##5.172.144':3128
- '89.##3.32.197':3128
- '19#.#7.44.61':3128
- '20#.#31.239.149':3128
- '20#.#.12.119':3128
- '68.#.89.93':3128
- '74.##.222.247':3128
- '69.##8.172.214':3128
- '19#.#2.134.189':3128
- '82.##2.182.2':3128
- '89.#6.57.67':3128
- '12#.#73.136.232':3128
- '82.##.183.35':3128
- '15#.#2.81.113':3128
- '19#.#01.133.104':3128
- '12#.#41.197.252':3128
- '24.##8.76.244':3128
- '11#.#6.43.114':3128
- '70.##.27.141':3128
- '17#.#0.228.144':3128
- '18#.#6.44.191':3128
- '61.#4.52.53':3128
- '21#.#69.185.183':3128
- '71.##8.102.68':3128
- '70.##5.135.139':3128
- '93.##3.188.191':3128
- '60.##.160.102':3128
- '72.##0.220.3':3128
- '85.##7.139.25':3128
- '20#.#46.230.2':3128
- '18#.#1.196.83':3128
- '86.##5.93.118':3128
- '99.##7.104.107':3128
- '71.##9.66.247':3128
- '69.##3.88.223':3128
- '83.##3.75.16':3128
- '87.##0.55.68':3128
- '17#.#0.139.110':3128
- '93.##.198.215':3128
- '17#.#4.229.40':3128
- '76.##.10.243':3128
- '20#.#7.154.235':3128
- '18#.#2.185.5':3128
- '20#.#15.235.81':3128
- '62.##1.92.44':3128
- '71.##.146.19':3128
- '77.#6.17.94':3128
- '82.##.232.100':3128
- '59.#2.1.132':3128
- '94.##8.80.183':3128
- '68.##.102.58':3128
- '21#.#53.129.127':3128
- '20#.#9.173.56':3128
- '69.##5.119.42':3128
- '78.##.49.214':3128
- '66.#.186.32':3128
- '19#.#28.31.12':3128
- '24.##1.35.196':3128
- '67.##.27.200':3128
- '59.#2.88.69':3128
- '88.##5.124.142':3128
- '76.##7.169.76':3128
- '24.##6.161.61':3128
- '60.##3.77.140':3128
- '69.##2.36.54':3128
- '64.##8.212.41':3128
- '24.##.220.189':3128
- '89.##.187.86':3128
- '21#.#45.182.186':3128
- '67.##7.119.211':3128
- '17#.#3.160.44':3128
- '74.##.93.206':3128
- '94.##9.207.169':3128
- '12#.#00.61.136':3128
- '83.##8.246.58':3128
- '85.##.135.243':3128
- '89.##6.134.251':3128
- '82.##9.204.177':3128
- '22#.#55.122.196':3128
- '20#.#.177.143':3128
- '12#.#21.118.247':3128
- '98.##1.190.110':3128
- '77.##.12.105':3128
- '17#.#8.35.43':3128
- '71.#7.7.19':3128
- '20#.1.73.9':3128
- '19#.#3.10.32':3128
- '87.#8.94.28':3128
- '60.##.240.155':3128
- '99.##5.206.135':3128
- '86.#6.58.74':3128
- '84.#05.7.15':3128
- '71.##9.47.110':3128
- '99.##8.43.79':3128
- '87.##1.223.89':3128
- '20#.#68.252.115':3128
- '20#.#8.45.56':3128
- '24.##.64.252':3128
- '20#.#50.251.146':3128
- '78.#9.2.236':3128
- '11#.#46.213.222':3128
- '99.##8.209.16':3128
- '18#.#23.206.80':3128
- '59.##.132.233':3128
- '19#.#6.17.185':3128
- '98.##6.116.193':3128
- '19#.#58.40.40':3128
- '66.#7.53.62':3128
Miscellaneous
Creates and executes the following
- 'C:\lsass.exe' exe <Full path to file>
Executes the following
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"
