
Trojan.DownLoader26.45992

Added to the Dr.Web virus database: 2018-05-17

Virus description added:

Technical Information

Malicious functions
Injects code into the following system processes:
  • %WINDIR%\explorer.exe
Reads files which store third-party application passwords
  • %HOMEPATH%\desktop\aoc_saq_d_v3_merchant.docx
Modifies file system
Creates the following files
  • %TEMP%\<File name>20190718.nbl
Network activity
Connects to
  • '255.255.255.255':9000
  • '255.255.255.255':31215
  • '255.255.255.255':43215
UDP
  • DNS ASK u.###uya.com
  • DNS ASK u.####media.com.cn
  • DNS ASK up####.bainv.net
  • DNS ASK l.####media.com.cn
  • '255.255.255.255':9002
  • '12#.#9.137.181':7838
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'SHELLDLL_DefView' WindowName: ''
  • ClassName: 'SysListView32' WindowName: ''
  • ClassName: '' WindowName: 'default__ad_shower__'
  • ClassName: '__adPublisherWndClass__' WindowName: ''
  • ClassName: '' WindowName: 'iKeeper计费管理系统'
  • ClassName: '' WindowName: 'WHPLATFORM_BARCLIENT'
Executes the following
  • '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and the removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
