Trojan.DownLoader26.50958

Added to the Dr.Web virus database: 2018-06-15

Description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Modifies file system:
Creates the following files:
  • C:\lsass.exe
  • <Full path to file>
Network activity:
Connects to:
TCP:
HTTP POST requests:
Miscellaneous:
Creates and executes the following:
  • 'C:\lsass.exe' exe <Full path to file>
  • '<Full path to file>' force

Curing recommendations

  1. If the operating system can boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; for details, consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
