Technical Information
To ensure autorun and distribution
Modifies the following registry keys
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15116' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9888' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31941' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5002' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31731' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13845' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18563' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8320' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31700' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28403' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '651' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31249' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27071' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10490' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '20823' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18595' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27380' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7340' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5720' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21252' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14695' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11209' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5201' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27994' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14385' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25614' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24482' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6051' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8897' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15109' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3739' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26521' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15208' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15355' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19035' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14506' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19837' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21363' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27590' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29551' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11528' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25724' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5532' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24675' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9358' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4431' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4389' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29472' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12168' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21032' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4059' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9201' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14249' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26584' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30311' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '12918' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6129' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8399' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25603' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16666' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '620' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27873' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2853' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '311' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '3340' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11539' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10407' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24744' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29430' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5778' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26741' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6092' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23873' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19853' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22002' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23082' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25331' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1490' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31191' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2339' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2989' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27270' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '2292' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15906' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26893' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '11020' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26683' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19863' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14338' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15775' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '672' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29661' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15156' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28371' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26201' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22023' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '5442' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '16314' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13515' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21127' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24246' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28481' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15198' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31469' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '7188' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9930' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8797' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23134' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22432' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29152' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1160' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19963' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13085' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21373' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13987' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13206' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9458' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14789' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30919' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29902' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9301' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21944' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21902' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '14218' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15937' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '29682' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1123' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19386' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15565' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '13547' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9940' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '22474' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27863' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '31600' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '18474' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6480' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '24503' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '26872' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10737' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '9421' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '30489' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6758' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15245' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25063' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10118' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10019' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '4750' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '21237' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '17426' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10470' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '28020' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10076' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23292' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '19004' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1411' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '27532' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '25913' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '23045' = '<Full path to file>'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '15596' = '<Full path to file>'
Malicious functions
To bypass firewall, removes or modifies the following registry keys
- [HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Launches a large number of processes
Modifies file system
Creates the following files
- C:\lsass.exe
Network activity
Connects to
- '19#.#7.194.91':3128
- '70.##.221.230':3128
- '24.##2.66.136':3128
- '88.##6.39.70':3128
- '19#.#97.235.233':3128
- '20#.#49.66.233':3128
- '93.##.198.215':3128
- '74.##.229.18':3128
- '81.##.178.223':3128
- '17#.#8.35.43':3128
- '19#.#10.210.249':3128
- '18#.#6.69.56':3128
- '82.#0.97.10':3128
- '93.##2.18.197':3128
- '83.##7.27.91':3128
- '19#.#10.212.37':3128
- '93.##6.211.243':3128
- '89.##6.160.80':3128
- '85.##7.235.212':3128
- '15#.#2.171.210':3128
- '68.#.89.93':3128
- '94.##8.73.218':3128
- '83.##3.181.27':3128
- '92.##7.27.61':3128
- '19#.#0.204.181':3128
- '83.##8.246.58':3128
- '88.##5.130.250':3128
- '78.#8.57.82':3128
- '96.##.29.193':3128
- '66.#.186.32':3128
- '85.##3.106.231':3128
- '19#.#03.157.175':3128
- '82.##4.132.226':3128
- '18#.#4.153.216':3128
- '94.##0.2.168':3128
- '78.##.132.216':3128
- '95.##0.7.103':3128
- '19#.#59.78.58':3128
- '18#.#0.104.81':3128
- '99.##5.102.167':3128
- '62.#3.96.25':3128
- '74.##.222.247':3128
- '14#.#29.202.106':3128
- '19#.#53.3.193':3128
- '21#.#7.128.4':3128
- '89.##5.38.55':3128
- '66.#7.53.62':3128
- '83.##5.87.73':3128
- '79.##2.156.150':3128
- '76.#5.59.59':3128
- '18#.#5.20.49':3128
- '84.##0.107.220':3128
- '89.##.63.214':3128
- '88.##7.188.31':3128
- '85.##6.16.248':3128
- '72.##8.61.162':3128
- '96.##.21.179':3128
- '19#.#20.116.74':3128
- '78.##.150.87':3128
- '20#.#26.194.243':3128
- '78.##.60.101':3128
- '20#.#7.119.37':3128
- '75.##2.28.160':3128
- '92.##.226.31':3128
- '89.##.49.183':3128
- '78.##.214.156':3128
- '83.##.201.101':3128
- '78.##3.76.17':3128
- '12#.#38.145.126':3128
- '21#.#46.232.162':3128
- '81.##4.157.121':3128
- '79.##6.140.234':3128
- '80.##2.50.172':3128
- '89.##6.134.251':3128
- '85.##.251.133':3128
- '79.##.58.229':3128
- '85.##1.181.176':3128
- '15#.#4.180.246':3128
- '67.##7.119.211':3128
- '59.##.171.133':3128
- '77.##6.207.125':3128
- '75.##4.74.25':3128
- '21#.#06.172.8':3128
- '78.##.121.236':3128
- '85.##1.143.183':3128
- '19#.#6.103.100':3128
- '69.##6.200.241':3128
- '20#.#43.209.219':3128
- '61.##.209.29':3128
- '78.#9.29.58':3128
- '76.##7.169.76':3128
- '68.#48.8.84':3128
- '90.##5.122.87':3128
- '89.##.104.90':3128
- '20#.#46.230.2':3128
- '89.##.127.117':3128
- '85.##7.139.25':3128
- '89.##5.185.80':3128
- '18#.#3.239.15':3128
- '68.##2.84.184':3128
- '82.##.232.100':3128
- '20#.#8.198.215':3128
- '87.##.200.56':3128
- '19#.#13.35.88':3128
- '20#.#76.4.219':3128
- '19#.#9.253.138':3128
- '12#.#85.50.36':3128
- '20#.#1.137.105':3128
- '18#.#4.16.102':3128
- '89.##.187.86':3128
- '12#.#44.227.211':3128
- '18#.#02.7.191':3128
- '86.##.136.109':3128
- '88.##5.124.142':3128
- '82.#9.86.31':3128
- '17#.#3.47.108':3128
- '89.##8.64.84':3128
- '13#.#11.135.214':3128
- '78.##.96.232':3128
- '14#.#61.47.226':3128
- '18#.#20.3.18':3128
- '24.##.247.153':3128
- '17#.#5.130.196':3128
- '64.##8.212.41':3128
- '69.##5.17.215':3128
- '98.##2.142.139':3128
- '21#.#2.114.246':3128
- '71.##9.47.110':3128
- '99.##8.227.3':3128
- '71.##.248.79':3128
- '11#.#66.70.125':3128
- '79.##2.11.220':3128
- '70.##.137.114':3128
- '82.##2.182.2':3128
- '75.##.184.145':3128
- '21#.#44.254.34':3128
- '21#.#07.221.117':3128
- '95.#6.0.161':3128
- '19#.#0.59.194':3128
- '99.##8.209.16':3128
- '24.##.145.138':3128
- '24.##8.212.53':3128
- '67.##.158.50':3128
- '87.#.153.216':3128
- '74.#6.42.68':3128
- '79.#.41.183':3128
- '59.##.215.23':3128
- '95.##.201.237':3128
- '68.##.130.204':3128
- '93.##.41.179':3128
- '18#.#1.244.33':3128
Miscellaneous
Creates and executes the following
- 'C:\lsass.exe' exe <Full path to file>
Executes the following
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"
