Trojan.DownLoader48.64808

Added to the Dr.Web virus database: 2025-09-12

Description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys (a large number of values with numeric names under the 32-bit Run key [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run], each set to the full path to the file)
Malicious functions
To bypass the firewall, removes or modifies the following registry keys
  • [HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Launches a large number of processes
Modifies file system
Creates the following files
  • C:\lsass.exe
Network activity
Connects to a large number of remote hosts (IP addresses are masked on the original page), mostly on port 3128 and a few on port 6667
TCP
HTTP POST requests
  • http://89.##6.80.237/+11925.html
Miscellaneous
Creates and executes the following
  • 'C:\lsass.exe' exe <Full path to file>
Executes the following
  • '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"

Curing recommendations

  1. If the operating system can boot (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to perform a full scan of your computer as well as of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings to allow booting from a CD or USB drive. Download the Dr.Web® LiveDisk emergency system recovery disk image or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding medium. Boot the computer from that medium, then perform a full scan and cure the detected threats.

Perform a full system scan using Dr.Web Light Antivirus for macOS. This product can be downloaded from the official Apple App Store.

On the booted OS, perform a full scan of all disk partitions using Dr.Web Antivirus for Linux.


  1. If the mobile device is operating normally, download and install the free Dr.Web for Android Light antivirus product on it. Perform a full system scan and follow the recommendations for neutralising the detected threats.
  2. If the mobile device is locked by a ransomware trojan of the Android.Locker family (the screen displays an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure may be performed in different ways; consult the manual supplied with the device or contact its manufacturer directly);
    • after activating safe mode, install the free Dr.Web for Android Light antivirus product on the infected device and perform a full system scan, following the recommendations for neutralising the detected threats;
    • switch the device off and turn it on again in normal mode.
