Trojan.DownLoader26.39323

Added to the Dr.Web virus database: 2018-04-21

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WikiZ' = '%APPDATA%\WikiZ\WikiZ.exe su'
Malicious functions:
Executes the following:
  • '<SYSTEM32>\taskkill.exe' /F /IM au.exe
Modifies file system:
Creates the following files:
  • %TEMP%\nw2960_24220\node_modules\har-validator\lib\schemas\request.json
  • %TEMP%\nw2960_24220\node_modules\har-validator\lib\schemas\creator.json
  • %TEMP%\nw2960_24220\node_modules\har-validator\lib\schemas\content.json
  • %TEMP%\nw2960_24220\node_modules\har-validator\lib\schemas\cacheEntry.json
  • %TEMP%\nw2960_24220\node_modules\generate-function\test.js
  • %TEMP%\nw2960_24220\node_modules\generate-object-property\README.md
  • %TEMP%\nw2960_24220\node_modules\generate-object-property\index.js
  • %TEMP%\nw2960_24220\node_modules\generate-object-property\package.json
  • %TEMP%\nw2960_24220\node_modules\generate-object-property\test.js
  • %TEMP%\nw2960_24220\node_modules\generate-function\index.js
  • %TEMP%\nw2960_24220\node_modules\graceful-readlink\README.md
  • %TEMP%\nw2960_24220\node_modules\graceful-readlink\package.json
  • %TEMP%\nw2960_24220\node_modules\har-validator\README.md
  • %TEMP%\nw2960_24220\node_modules\har-validator\lib\async.js
  • %TEMP%\nw2960_24220\node_modules\har-validator\lib\error.js
  • %TEMP%\nw2960_24220\node_modules\har-validator\lib\index.js
  • %TEMP%\nw2960_24220\node_modules\har-validator\lib\runner.js
  • %TEMP%\nw2960_24220\node_modules\graceful-readlink\index.js
  • %TEMP%\nw2960_24220\node_modules\har-validator\lib\schemas\cache.json
  • %TEMP%\nw2960_24220\node_modules\generate-function\example.js
  • <LS_APPDATA>\WikiZ\Cache\index-dir\temp-index
Deletes the following files:
  • %TEMP%\nsw2.tmp\inetc.dll
  • %TEMP%\nsw2.tmp\System.dll
  • <LS_APPDATA>\WikiZ\Cache\todelete_549710e8e3c09413
Moves the following files:
  • from <LS_APPDATA>\WikiZ\Cache\index-dir\temp-index to <LS_APPDATA>\WikiZ\Cache\index-dir\the-real-index
  • from <LS_APPDATA>\WikiZ\Cache\41e865c069e2abea_0 to <LS_APPDATA>\WikiZ\Cache\todelete_549710e8e3c09413
Substitutes the following files:
  • <LS_APPDATA>\WikiZ\Cache\todelete_549710e8e3c09413
Network activity:
Connects to:
  • 'go#####analytics.com':80
TCP:
HTTP POST requests:
  • http://www.go#####analytics.com/collect via go#####analytics.com
  • http:///collect via go#####analytics.com
UDP:
  • DNS ASK www.go#####analytics.com
  • DNS ASK wi###edia.org
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Chrome_MessageWindow' WindowName: '<LS_APPDATA>\WikiZ'
  • ClassName: '' WindowName: ''
Creates and executes the following:
  • '%APPDATA%\WikiZ\WikiZ.exe' "su"
  • '%APPDATA%\WikiZ\WikiZ.exe' --type=renderer --js-flags=--expose-gc --no-sandbox --enable-deferred-image-decoding --lang=en-US --extension-process --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) lik...
Executes the following:
  • '<SYSTEM32>\cmd.exe' /s /c "taskkill /F /IM au.exe"
  • '<SYSTEM32>\cmd.exe' /s /c "driverquery /FO list /v"
  • '<SYSTEM32>\driverquery.exe' /FO list /v

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk, Dr.Web® LiveDisk, and mount it on a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
