Win32.HLLW.Autoruner.47443

Added to the Dr.Web virus database: 2011-04-07

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'D2NT' = '%WINDIR%\D2NT\D2NT.exe'
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\D2NT.exe' = '%APPDATA%\D2NT.exe:*:Enabled:Windows Messanger'
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\D2NT\D2NT.exe' = '%WINDIR%\D2NT\D2NT.exe:*:Enabled:Windows Messanger'
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
Creates and executes the following:
  • %WINDIR%\D2NT\D2NT.exe 
Executes the following:
  • <SYSTEM32>\reg.exe ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "%WINDIR%\D2NT\D2NT.exe" /t REG_SZ /d "%WINDIR%\D2NT\D2NT.exe:*:Enabled:Windows Messanger" /f
  • <SYSTEM32>\reg.exe ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "%APPDATA%\D2NT.exe" /t REG_SZ /d "%APPDATA%\D2NT.exe:*:Enabled:Windows Messanger" /f
  • <SYSTEM32>\reg.exe ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
  • <SYSTEM32>\cmd.exe /c """%TEMP%\qhJZE.bat"" "
  • <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "D2NT" /t REG_SZ /d "%WINDIR%\D2NT\D2NT.exe" /f
Injects code into the following system processes:
  • <SYSTEM32>\winlogon.exe
Modifies file system:
Creates the following files:
  • <Current directory>\dl.exe
  • %APPDATA%\D2NT.exe
  • %APPDATA%\data.dat
  • %TEMP%\onNrl.exe
  • %TEMP%\qhJZE.bat
  • %WINDIR%\D2NT\D2NT.exe
Deletes the following files:
  • %TEMP%\qhJZE.bat
Network activity:
Connects to:
  • 'go###.no-ip.org':3335
  • 'ut###i.lycos.it':80
  • '<Private IP address>':139
TCP:
HTTP GET requests:
  • ut###i.lycos.it/vx9/dl.exe
UDP:
  • DNS ASK go###.no-ip.org
  • DNS ASK ut###i.lycos.it
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Indicator' WindowName: ''

© Doctor Web
2003 — 2023
