Trojan.MulDrop29.3764

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22531' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7782' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21988' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28046' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10372' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6715' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1370' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8997' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16352' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16839' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30676' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27266' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29928' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30333' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28400' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15480' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22419' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12592' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26610' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '704' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10736' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18003' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30543' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4925' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11859' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10136' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5628' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10957' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '32543' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27682' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5248' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7120' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29851' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21686' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7366' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1135' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7402' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13716' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11351' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2504' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28846' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4376' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9443' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13870' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26835' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11454' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2361' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4371' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30241' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24127' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10007' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9690' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14275' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31159' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25712' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22158' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7669' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25122' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24533' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7469' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3407' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29697' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26466' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19373' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13454' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2114' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22275' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30113' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3602' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5904' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16762' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26481' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28558' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31328' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '324' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5499' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6166' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26584' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17598' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23907' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11679' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17019' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '32190' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25553' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30061' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2873' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25815' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21881' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13521' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21399' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29292' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3248' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7079' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7838' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2976' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7823' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27210' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8176' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28194' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20968' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17049' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11992' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20886' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1396' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29579' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19019' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8243' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22389' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6346' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26938' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15321' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19244' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8515' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19163' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31066' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16121' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22168' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12136' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15413' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23984' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2140' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6176' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21752' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24091' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26548' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11561' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27030' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '32610' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22783' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18850' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10490' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18367' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4048' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21491' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13023' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6427' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30308' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18014' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24758' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1227' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10946' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10567' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16906' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5469' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20563' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '32179' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14198' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5212' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19358' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3315' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22117' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13649' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15521' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5484' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30087' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15767' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9536' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15803' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12659' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31836' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19188' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26543' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17973' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10202' = '<Full path to file>'
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2991' = '<Full path to file>'

Malicious functions

To bypass firewall, removes or modifies the following registry keys

[HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'

Launches a large number of processes

Modifies file system

Creates the following files

C:\lsass.exe

Network activity

Connects to

'11#.#5.90.224':3128
'12#.#38.124.229':3128
'24.##8.74.91':3128
'82.##7.136.54':3128
'20#.#43.63.23':3128
'78.##.167.42':3128
'82.##1.119.31':3128
'22#.#12.239.225':3128
'72.#31.89.7':3128
'19#.#7.242.6':3128
'11#.#54.190.226':3128
'16#.#46.219.24':3128
'18#.#2.244.10':3128
'24.##1.155.22':3128
'75.##0.202.167':3128
'19#.#98.252.27':3128
'92.##.201.174':3128
'11#.#2.140.228':3128
'67.##4.228.190':3128
'11#.#62.7.152':3128
'19#.#06.210.150':3128
'69.##5.90.14':3128
'20#.#10.86.8':3128
'19#.#98.158.205':3128
'19#.#1.205.76':3128
'19#.#9.79.85':3128
'87.##6.251.221':3128
'19#.#49.156.176':3128
'20#.#4.200.198':3128
'67.##2.55.202':3128
'89.##8.253.200':3128
'19#.#09.66.244':3128
'97.##.24.152':3128
'21#.#31.114.204':3128
'89.##.248.30':3128
'22#.#21.137.112':3128
'11#.#66.71.13':3128
'11#.#97.2.66':3128
'68.##.198.131':3128
'19#.#73.75.11':3128
'86.##.139.19':3128
'87.##6.41.231':3128
'89.##.94.130':3128
'69.##1.89.102':3128
'76.##.123.28':3128
'19#.#7.255.61':3128
'19#.#37.206.244':3128
'93.##3.11.83':3128
'19#.#7.48.16':3128
'18#.#04.218.52':3128
'76.##.179.145':3128
'62.##5.124.82':3128
'20#.#8.152.74':3128
'20#.#73.11.235':3128
'11#.#4.234.237':3128
'86.##.164.92':3128
'18#.#0.57.24':3128
'20#.#2.10.16':3128
'22#.#61.135.65':3128
'60.##.188.190':3128
'20#.#5.131.109':3128
'83.##.149.206':3128
'12#.#9.152.99':3128
'72.##6.65.161':3128
'20#.#05.149.42':3128
'12#.#31.28.47':3128
'20#.#5.152.34':3128
'67.##1.137.134':3128
'20#.#52.145.21':3128
'19#.#04.187.119':3128
'22#.#38.228.160':3128
'78.##.210.31':3128
'22#.#01.149.150':3128
'20#.#4.205.137':3128
'24.#.12.235':3128
'75.##.87.119':3128
'20#.#5.132.165':3128
'70.##7.56.37':3128
'20#.#7.220.197':3128
'68.##9.49.117':3128
'20#.#.155.119':3128
'68.##.139.244':3128
'88.##8.33.218':3128
'84.##8.117.46':3128
'21#.#5.199.194':3128
'20#.#.129.103':3128
'75.##.31.100':3128
'11#.#43.14.15':3128
'89.##.187.86':3128
'80.##.139.153':3128
'76.##6.42.189':3128
'18#.#20.178.25':3128
'84.##.144.188':3128
'86.##6.14.42':3128
'11#.#5.228.209':3128
'69.#07.0.14':3128
'20#.#55.158.93':3128
'98.##4.149.92':3128
'11#.#5.130.229':3128
'92.##0.118.228':3128
'17#.#00.165.202':3128
'16#.#32.242.201':3128
'67.##1.139.79':3128
'79.##8.33.238':3128
'18#.#.230.159':3128
'77.##2.202.168':3128
'19#.#9.13.58':3128
'87.##7.120.157':3128
'77.##7.132.23':3128
'20#.#9.201.32':3128
'80.##6.242.104':3128
'20#.#20.249.179':3128
'68.##5.124.123':3128
'21#.#51.110.57':3128
'12#.#25.41.58':3128
'21#.#27.18.93':3128
'19#.#58.0.164':3128
'68.##.236.201':3128
'21#.#88.235.88':3128
'89.##5.38.55':3128
'12#.#62.63.207':3128
'91.#2.39.2':3128
'81.##1.54.11':3128
'67.#2.3.13':3128
'78.#8.37.39':3128
'20#.#58.26.200':3128
'18#.#7.73.247':3128
'77.##8.10.228':3128
'24.##9.121.0':3128
'20#.#49.82.170':3128
'18#.#8.229.150':3128
'62.##9.153.204':3128
'18#.#03.97.52':3128
'77.##.13.183':3128
'20#.#.205.176':3128
'80.##3.159.169':3128
'20#.#13.40.160':3128
'22#.#39.163.216':3128
'78.##.65.162':3128
'22#.#01.32.142':3128
'92.##.24.192':3128
'19#.#64.136.46':3128
'18#.#4.99.231':3128
'18#.#0.242.232':3128
'12#.#31.220.21':3128
'21#.#48.255.97':3128
'20#.#49.64.197':3128
'69.##9.80.49':3128
'87.##6.105.67':3128
'88.##2.152.120':3128
'18#.#1.41.99':3128
'19#.#00.64.87':3128
'18#.#.204.156':3128
'24.##1.44.232':3128

Miscellaneous

Creates and executes the following

'C:\lsass.exe' exe <Full path to file>

Executes the following

'<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней