Trojan.DownLoader26.50654

Added to the Dr.Web virus database: 2018-06-13

Description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Injects code into the following system processes:
  • %WINDIR%\XXInstall\ps.exe
Hides the following processes:
  • C:\lsass.exe
Modifies file system:
Creates the following files:
  • C:\lsass.exe
  • <Full path to file>
Network activity:
Connects to:
TCP:
HTTP POST requests:
Miscellaneous:
Creates and executes the following:
  • 'C:\lsass.exe' exe <Full path to file>
  • '<Full path to file>' force
Executes the following:
  • '%WINDIR%\XXInstall\ps.exe' exe <Full path to file>

Curing recommendations

  1. If the operating system can boot (normally or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or USB drive. Download the Dr.Web® LiveDisk emergency system recovery disk image or the utility that writes Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; consult the manual supplied with the device, or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.