
Trojan.DownLoader26.50331

Added to the Dr.Web virus database: 2018-06-12

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Intel Power Module' = '%APPDATA%\Microsoft Logon Users\MicrosoftLogon.exe'
Creates or modifies the following files:
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Pandion.lnk
Modifies file system:
Creates the following files:
  • %ProgramFiles%\Pandion\Application\css\chat-container.css
  • %ProgramFiles%\Pandion\Application\src\main\Emoticon.js
  • %ProgramFiles%\Pandion\Application\images\clients\sapo.gif
  • %ProgramFiles%\Pandion\Application\images\clients\smack.gif
  • %ProgramFiles%\Pandion\Application\images\chat-container\tabs-behind.png
  • %ProgramFiles%\Pandion\Application\languages\tr.xml
  • %ProgramFiles%\Pandion\Application\src\conference_invitation.html
  • %ProgramFiles%\Pandion\Application\languages\zh-TW.xml
  • %ProgramFiles%\Pandion\Application\languages\si.xml
  • %ProgramFiles%\Pandion\Application\src\conference-container.html
  • %ProgramFiles%\Pandion\Application\images\clients\exodus.gif
  • %ProgramFiles%\Pandion\Application\images\clients\soapbox.gif
  • %ProgramFiles%\Pandion\Application\src\main\dial_webbrowser.js
  • %ProgramFiles%\Pandion\Application\images\clients\jarl.gif
  • %ProgramFiles%\Pandion\Application\images\about\logo.png
  • %ProgramFiles%\Pandion\Application\images\password\lock.ico
  • %ProgramFiles%\Pandion\Application\languages\pt.xml
  • %ProgramFiles%\Pandion\Application\images\edge\bottom.png
  • %ProgramFiles%\Pandion\Application\src\main\login.js
  • %ProgramFiles%\Pandion\Application\images\misc\expand.gif
  • %ProgramFiles%\Pandion\Application\src\file_recv.html
  • %ProgramFiles%\Pandion\Application\src\main\dial_userinfo.js
  • %ProgramFiles%\Pandion\Application\images\misc\arrow-east-dark.gif
  • %ProgramFiles%\Pandion\Application\images\chat-container\emoticon.png
  • %ProgramFiles%\Pandion\Application\images\backgrounds\theme.ico
  • %ProgramFiles%\Pandion\Application\avatars\6631e8de3c972b605a2a87f692e2a12e9a72e600
  • %ProgramFiles%\Pandion\Application\src\toaster.html
  • %ProgramFiles%\Pandion\Application\images\misc\tab-bar-close-lite.gif
  • %ProgramFiles%\Pandion\Application\images\vcard\info.png
  • %ProgramFiles%\Pandion\Application\src\main\dial_file.js
  • %ProgramFiles%\Pandion\Application\src\main\dial_emoticon_list.js
  • %ProgramFiles%\Pandion\Application\src\main\handle_keyboard.js
  • %ProgramFiles%\Pandion\Application\src\groupmessage.html
  • %ProgramFiles%\Pandion\Application\images\clients\yahoo.gif
  • %ProgramFiles%\Pandion\Application\images\clients\msn.gif
  • %ProgramFiles%\Pandion\Application\src\main\XMPPXData.js
  • %ProgramFiles%\Pandion\Application\src\main\dial_conference_browse.js
  • %ProgramFiles%\Pandion\Application\src\conference-password.html
  • %ProgramFiles%\Pandion\Application\src\conference_create.html
  • %ProgramFiles%\Pandion\Application\images\chat-container\theme.png
  • %ProgramFiles%\Pandion\Application\src\main\SettingsSave.js
  • %ProgramFiles%\Pandion\Application\src\main\file2hash.js
  • %ProgramFiles%\Pandion\Application\images\clients\buddyspace.gif
  • %ProgramFiles%\Pandion\Application\src\main\init.js
  • %ProgramFiles%\Pandion\Application\src\main\ContainerCode.js
  • %ProgramFiles%\Pandion\Application\css\xdata.css
  • %ProgramFiles%\Pandion\Application\images\clients\webmessenger.gif
  • %ProgramFiles%\Pandion\Application\images\vcard\pawn.png
  • %ProgramFiles%\Pandion\Application\images\chat-container\tab-add-button-faded.png
  • %ProgramFiles%\Pandion\Application\avatars\f3e450256d13b85cbdbf7191454872465f59f5bf
  • %ProgramFiles%\Pandion\Application\src\main\dial_conference_invite.js
  • %ProgramFiles%\Pandion\Application\images\clients\laptop.gif
  • %ProgramFiles%\Pandion\Application\src\signup.html
  • %ProgramFiles%\Pandion\Application\src\main\dial_background_list.js
  • %ProgramFiles%\Pandion\Application\avatars\73aaccef2ce9a1905b7a6d7f08a90d4aef33b782
  • %ProgramFiles%\Pandion\Application\images\clients\weather.gif
  • %ProgramFiles%\Pandion\Application\images\misc\compact.gif
  • %ProgramFiles%\Pandion\Application\src\main\dial_extension_download.js
  • %ProgramFiles%\Pandion\Application\src\main\dial_welcome.js
  • %ProgramFiles%\Pandion\Application\images\contact-add\contact-add.ico
  • %ProgramFiles%\Pandion\Application\images\chat-container\frame-top.png
  • %ProgramFiles%\Pandion\Application\languages\hr.xml
  • %ProgramFiles%\Pandion\Application\images\clients\tipicme.gif
  • %ProgramFiles%\Pandion\Application\js\conference-container.js
  • %ProgramFiles%\Pandion\Application\images\preferences\tools.ico
  • %ProgramFiles%\Pandion\Application\images\console\monitor.ico
  • %ProgramFiles%\Pandion\Application\images\avatar\photos.ico
  • %ProgramFiles%\Pandion\Application\images\clients\googletalk.gif
  • %ProgramFiles%\Pandion\Application\src\main\XMPPOnPresence.js
  • %ProgramFiles%\Pandion\Application\src\conference-configuration.html
  • %ProgramFiles%\Pandion\Application\images\main\tab-add-button-faded.png
  • %ProgramFiles%\Pandion\Application\languages\pt-br.xml
  • %ProgramFiles%\Pandion\Application\src\main\Reconnect.js
  • %ProgramFiles%\Pandion\Application\images\clients\shaolo.gif
  • %ProgramFiles%\Pandion\Application\images\clients\pidgin.gif
  • %ProgramFiles%\Pandion\Application\images\vcard\card.ico
  • %ProgramFiles%\Pandion\Application\images\clients\gush.gif
  • %ProgramFiles%\Pandion\Application\images\clients\trillian.gif
  • %ProgramFiles%\Pandion\Application\src\main\dial_avatar_pick.js
  • %ProgramFiles%\Pandion\Application\src\main\dial_bookmarks_manage.js
  • %ProgramFiles%\Pandion\Application\src\main\vcard.js
  • %ProgramFiles%\Pandion\Application\images\welcome\feed.png
  • %ProgramFiles%\Pandion\Application\images\clients\console.gif
  • %ProgramFiles%\Pandion\Application\images\clients\jabbix.gif
  • %ProgramFiles%\Pandion\Application\images\clients\punjab.gif
  • %ProgramFiles%\Pandion\Application\src\main\XHTML-IM.js
  • %ProgramFiles%\Pandion\Application\images\clients\desktop.gif
  • %ProgramFiles%\Pandion\Application\src\auth_invitation.html
  • %ProgramFiles%\Pandion\Application\images\preferences\wall.png
  • %ProgramFiles%\Pandion\Application\js\lib\json2.js
  • %ProgramFiles%\Pandion\Application\avatars\09084fcff61fab8c7088551c39a5fb5a206bc294
  • %ProgramFiles%\Pandion\Application\images\transports\connector.ico
  • %ProgramFiles%\Pandion\Application\src\main\XMPPOnStartSCFailed.js
  • %ProgramFiles%\Pandion\Application\images\clients\rival.gif
  • %ProgramFiles%\Pandion\Application\src\main\XMPPAddress.js
  • %ProgramFiles%\Pandion\Application\src\mode_select.html
  • %ProgramFiles%\Pandion\Application\settings\default.xml
  • %ProgramFiles%\Pandion\Application\images\edge\behind.png
  • %ProgramFiles%\Pandion\Application\images\edge\left.png
  • %ProgramFiles%\Pandion\Application\src\main\SaveCommonProfile.js
  • %ProgramFiles%\Pandion\Application\images\chat-container\keyboard.png
  • %ProgramFiles%\Pandion\Application\images\plug-ins\tiles.ico
  • %ProgramFiles%\Pandion\Application\src\main\dial_chat.js
  • %ProgramFiles%\Pandion\Application\images\conference\note.ico
  • %ProgramFiles%\Pandion\Application\js\lib\client\html\searchBox.js
  • %ProgramFiles%\Pandion\Application\images\preferences\audio.png
  • %ProgramFiles%\Pandion\Application\images\clients\small\yahoo.gif
  • %ProgramFiles%\Pandion\Application\images\clients\winjab.gif
  • %ProgramFiles%\Pandion\Application\images\welcome\getsatisfaction.gif
  • %ProgramFiles%\Pandion\Application\src\background_list.html
  • %ProgramFiles%\Pandion\Application\languages\vn.xml
  • %ProgramFiles%\Pandion\Application\src\main\Translator.js
  • %ProgramFiles%\Pandion\Application\images\welcome\background.jpg
  • %ProgramFiles%\Pandion\Application\images\misc\arrow-west-dark.gif
  • %ProgramFiles%\Pandion\Application\images\misc\arrow-east-light.gif
  • %ProgramFiles%\Pandion\Application\images\clients\email.gif
  • %ProgramFiles%\Pandion\Application\images\vcard\cog.png
  • %ProgramFiles%\Pandion\Application\images\idle\note.ico
  • %ProgramFiles%\Pandion\Application\src\background_download.html
  • %ProgramFiles%\Pandion\Application\src\main\CommandLine.js
  • %ProgramFiles%\Pandion\Application\js\autoupdate.js
  • %ProgramFiles%\Pandion\Application\js\lib\client\ui\idle\sensor\screenSaver.js
  • %ProgramFiles%\Pandion\Application\images\clients\tkabber.gif
  • %ProgramFiles%\Pandion\Application\images\misc\shown.gif
  • %ProgramFiles%\Pandion\Application\css\lib\meyerweb-reset.css
  • %ProgramFiles%\Pandion\Application\src\transport_list.html
  • %ProgramFiles%\Pandion\Application\src\main\ClientRosterSearch.js
  • %ProgramFiles%\Pandion\Application\src\main\dial_vcard_edit.js
  • %ProgramFiles%\Pandion\Application\images\clients\work.gif
  • <LS_APPDATA>\Microsoft\Internet Explorer\MSIMGSIZ.DAT
Sets the 'hidden' attribute to the following files:
  • %APPDATA%\Microsoft Logon Users\MicrosoftLogon.exe
  • %APPDATA%\Microsoft Logon Users\msimg32.dll
Deletes the following files:
  • %WINDIR%\Installer\MSI1.tmp
  • C:\Config.Msi\27305.rbs
  • %WINDIR%\Installer\MSI4.tmp
  • %WINDIR%\Installer\27303.msi
  • %WINDIR%\Installer\27304.ipi
  • %TEMP%\241b2.msi
Network activity:
Connects to:
  • 'me###oads.club':80
TCP:
HTTP GET requests:
  • http://me###oads.club/0xFBAAAAA0.php?hw##############################
UDP:
  • DNS ASK me###oads.club
Miscellaneous:
Searches for the following windows:
  • ClassName: '%ProgramFiles%\Pandion\Application\Pandion.exe Main Window Class' WindowName: ''
  • ClassName: 'MS_AutodialMonitor' WindowName: ''
  • ClassName: 'MS_WebcheckMonitor' WindowName: ''
Creates and executes the following:
  • '%APPDATA%\Microsoft Logon Users\MicrosoftLogon.exe'
  • '%ProgramFiles%\Pandion\Application\Pandion.exe'
Executes the following:
  • '<SYSTEM32>\msiexec.exe' /i "%TEMP%\msg.msi"
  • '<SYSTEM32>\msiexec.exe' /V
  • '<SYSTEM32>\msiexec.exe' -Embedding 5C5624A5D7FC5F270E246EFC27B2329F

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
