Trojan.Siggen25.34343

Added to the Dr.Web virus database: 2024-02-04

Description added:

Technical Information

To ensure autorun and distribution
Sets the following service settings
  • [HKLM\System\CurrentControlSet\Services\sfavflt] 'Start' = '00000001'
  • [HKLM\System\CurrentControlSet\Services\sfavflt] 'ImagePath' = 'system32\DRIVERS\sfavflt.sys'
  • [HKLM\System\CurrentControlSet\Services\SfavBoot] 'Start' = '00000001'
  • [HKLM\System\CurrentControlSet\Services\SfavBoot] 'ImagePath' = 'system32\DRIVERS\SfavBoot.sys'
Creates the following services
  • 'sfavflt' system32\DRIVERS\sfavflt.sys
  • 'SfavBoot' system32\DRIVERS\SfavBoot.sys
Malicious functions
Registers file system filter
  • [HKLM\System\CurrentControlSet\Services\sfavflt] 'Group' = 'FSFilter Anti-Virus'
  • [HKLM\System\CurrentControlSet\Services\SfavBoot] 'Group' = 'FSFilter System'
Modifies file system
Creates the following files
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\2ac960a2.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\2a8f6cd3.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\2923b3f9.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\24de25ae.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\244b5494.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\2251b13a.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\1ec4d31a.1
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\1ec4d31a.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\1e54e6fa.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\1e303de5.1
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\1e303de5.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\1e09d511.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\1e08bfd1.0
  • %ProgramFiles%\sf\edr\agent\bin\sfesignature\local_certificate\ca_bundles\19cddc25.0
  • %WINDIR%\temp\udd88bf.tmp
Deletes the following files
  • %ProgramFiles%\sf\edr\agent\bin\temp\sfshellext.dll
  • %TEMP%\nsb402c.tmp\sfnsiscolib.dll
  • %TEMP%\nsb402c.tmp\simplesc.dll
  • %TEMP%\nsb402c.tmp\system.dll
  • %WINDIR%\temp\udd88be.tmp
  • %WINDIR%\temp\udd88bf.tmp
Moves the following files
  • from %WINDIR%\syswow64\drivers\set817e.tmp to %WINDIR%\syswow64\drivers\sfavflt.sys
  • from %WINDIR%\syswow64\drivers\set849a.tmp to %WINDIR%\syswow64\drivers\sfavboot.sys
Miscellaneous
Creates and executes the following
  • '%ProgramFiles%\sf\edr\agent\bin\sfavsvc.exe' /service
  • '%ProgramFiles%\sf\edr\agent\bin\sfavsvc.exe' /UpdateServer
  • '%ProgramFiles%\sf\edr\agent\bin\drvinstall32.exe' "%ProgramFiles%\SF\EDR\agent\bin\sfavflt.inf"
  • '%ProgramFiles%\sf\edr\agent\bin\drvinstall32.exe' "%ProgramFiles%\SF\EDR\agent\bin\sfavboot.inf"
  • '%WINDIR%\syswow64\regsvr32.exe' /s /u "%ProgramFiles%\SF\EDR\agent\bin\sfavsvc_ps.dll"' (with hidden window)
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles%\SF\EDR\agent\bin\sfshellext_3536.dll"' (with hidden window)
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles%\SF\EDR\agent\bin\sfavsvc_ps.dll"' (with hidden window)
  • '%ProgramFiles%\sf\edr\agent\bin\drvinstall32.exe' "%ProgramFiles%\SF\EDR\agent\bin\sfavflt.inf"' (with hidden window)
  • '%ProgramFiles%\sf\edr\agent\bin\drvinstall32.exe' "%ProgramFiles%\SF\EDR\agent\bin\sfavboot.inf"' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\regsvr32.exe' /s /u "%ProgramFiles%\SF\EDR\agent\bin\sfavsvc_ps.dll"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles%\SF\EDR\agent\bin\sfshellext_3536.dll"
  • '%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles%\SF\EDR\agent\bin\sfavsvc_ps.dll"

Curing recommendations

  1. If the operating system can boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that the PC can boot from a CD or a USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from that media, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store website.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; for details, consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
