Description complète

Nom:	TR/Click.Outtol.A
La date de la découverte:	13/07/2010
Type:	Cheval de Troie
En circulation:	Oui
Infections signalées	Faible a moyen
Potentiel de distribution:	Faible
Potentiel de destruction:	Moyen
Fichier statique:	Oui
Taille du fichier:	237.568 Octets
Somme de contrôle MD5:	1acddaae2e00b99fd33794cfcad6f2f1
Version IVDF:	7.10.09.77 - mardi 13 juillet 2010

Général Les alias:
   • Bitdefender: Trojan.Agent.VB.BMU
   • Panda: Trj/KillAV.NK
   • Eset: Win32/AutoRun.VB.RF

Plateformes / Systèmes d'exploitation:
   • Windows 2000
   • Windows XP
   • Windows 2003

Effets secondaires:
   • Il bloque l'accès aux sites web de sécurité
   • Il diminue les réglages de sécurité
   • Il télécharge des fichiers malveillants
   • Il crée des fichiers malveillants
   • Il modifie des registres

Fichiers Il s'autocopie dans l'emplacement suivant:
   • %HOME%\%le nom d'utilisateur courant%1\winlogon.exe

Il supprime le fichier suivant:
   • %HOME%\%valeurs hexa%\wlo.exe

Les fichiers suivants sont créés:

– %HOME%\%le nom d'utilisateur courant%1\VERSION.TXT
– %HOME%\%valeurs hexa%\wlo.exe Ensuite, il est exécuté après avoir été completment crée. Les investigations ultérieures ont prouvé que ce ficher est également un Malware. Détecté comme: Worm/Esfury.A.361

– %HOME%\%le nom d'utilisateur courant%1\wlo.exe Ensuite, il est exécuté après avoir été completment crée. Les investigations ultérieures ont prouvé que ce ficher est également un Malware. Détecté comme: TR/Agent.cfn

– %HOME%\%valeurs hexa%\winlogon.exe Ensuite, il est exécuté après avoir été completment crée. Les investigations ultérieures ont prouvé que ce ficher est également un Malware. Détecté comme: Worm/Esfury.A.361

– %SYSDIR%\drivers\etc\hosts Les investigations ultérieures ont prouvé que ce ficher est également un Malware. Détecté comme: TR/AntiHosts.Gen

– C:\winlogon.exe Les investigations ultérieures ont prouvé que ce ficher est également un Malware. Détecté comme: TR/Agent.cfn

– %ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogon.exe Les investigations ultérieures ont prouvé que ce ficher est également un Malware. Détecté comme: TR/Agent.cfn

Il essaie de télécharger des fichiers:

– L'emplacement est le suivant:
   • http://0-1-0-0-1-0-0-0-1-0-1-1-0-1-1-1-1-0-1-1-1-0-0-0-1-1-1-1-1-1-1-.0-0-0-0-0-0-0-0-0-0-0-0-0-60-0-0-0-0-0-0-0-0-0-0-0-0-0.info/**********

– Les emplacements sont les suivants:
   • http://%chaîne de caractères%.che**********.info/?PWaevb7Nu6Pppnsx6gbJMPnnDHUPqa5W9MLXtueIMdn1UfoRhsYDY8CbrOJ2YW04vJu4DpIcWdQXStTkQpLfTX8JfIwCy04EIgcRu2UZn1MvgwU3RG5QM5jqXgCDmq84LTikYxahcv97XSH58hkn2TklKhDm7qqWQpLfTX8JfIwCy04EIgcRg9FZGYCYZCcOiNZSAtq1DtN1pCkFSIZOW0sqa0jm=%chaîne de caractères%
   • http://%chaîne de caractères%.che**********.info/?imp_728*90=%chaîne de caractères%

– L'emplacement est le suivant:
   • http://whos.amung.us/widget/**********/

– L'emplacement est le suivant:
   • http://widgets.amung.us/small/07/**********

– L'emplacement est le suivant:
   • http://whos.amung.us/swidget/**********

– L'emplacement est le suivant:
   • http://0-1-0-0-1-0-0-0-1-0-1-1-0-1-1-1-1-0-1-1-1-0-0-0-1-1-1-1-1-1-1-.0-0-0-0-0-0-0-0-0-0-0-0-0-60-0-0-0-0-0-0-0-0-0-0-0-0-0.info/flv/**********

– L'emplacement est le suivant:
   • http://widgets.amung.us/classic/02/**********

Il essaie d’exécuter le fichier suivant :

– Nom de fichier: Noms des fichiers:
   • "%HOME%\%valeurs hexa%\winlogon.exe" ctfmon.exe

Registre Les clés de registre suivantes sont ajoutées afin d'exécuter des processus après le redémarrage:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%chaîne de caractères aléatoire%"="%HOME%\%valeurs hexa%\winlogon.exe"
   • "NVIDIA Media Center Library"="%HOME%\%le nom d'utilisateur courant%1\winlogon.exe"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "%chaîne de caractères aléatoire%"="%HOME%\%valeurs hexa%\winlogon.exe"
   • "NVIDIA Media Center Library"="%HOME%\%le nom d'utilisateur courant%1\winlogon.exe"

Les clés de registre suivantes sont ajoutées afin de charger le service après le redémarrage:

– [HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   • "Start"=dword:0x00000004

Les valeurs de la clé de registre suivante sont supprimées:

Les valeurs des clés de registre suivantes sont supprimées:

– [HKLM\SOFTWARE\Classes\lnkfile]
   • IsShortcut

Il crée les entrées suivantes afin de passer par le Firewall de Windows XP:

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile]
   • "DisableNotifications"=dword:0x00000001
   • "DoNotAllowExceptions"=dword:0x00000000

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\DomainProfile]
   • "DisableNotifications"=dword:0x00000001
   • "DoNotAllowExceptions"=dword:0x00000000
   • "EnableFirewall"=dword:0x00000000

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%valeurs hexa%\winlogon.exe"="%HOME%\%valeurs
      hexa%\winlogon.exe:*:Enabled:@xpsp2res.dll,-53342401"

Les clés de registre suivantes sont ajoutée:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FPAVServer.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ChromeSetup.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\88[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\055[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\521[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   • "NoFile"=dword:0x00000001
   • "NoFolderOptions"=dword:0x00000001
   • "NoRun"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\002.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\074[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   • "ConsentPromptBehaviorAdmin"=dword:0x00000000
   • "EnableLUA"=dword:0x00000000
   • "PromptOnSecureDesktop"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\633[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\432[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\521.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\'' .exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   • "DisableRegistryTools"=dword:0x00000001
   • "DisableTaskMgr"=dword:0x00000001

– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   http\UserChoice]
   • "Progid"="IE.HTTP"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\003[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\003.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%HOME%\%valeurs hexa%\winlogon.exe"="RUNASADMIN"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\052[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\035[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\053.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\005[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\
   SymantecFirewall]
   • "DisableMonitoring"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\13.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\042[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
   .htm\UserChoice]
   • "Progid"="IE.AssocFile.HTM"

– [HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%valeurs hexa%\winlogon.exe"="%HOME%\%valeurs hexa%\winlogon.exe:*:Enabled:@xpsp2res.dll,-28956246"

– [HKCU\SOFTWARE\Microsoft\Windows Script Host\Settings]
   • "Enabled"="0"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\EHttpSrv.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\BullGuard.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings]
   • "Enabled"="0"

– [HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel]
   • "HomePage"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring]
   • "DisableMonitoring"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
   • "NoFolderOptions"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\864[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\081[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\042.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKCU\Software\Policies\Microsoft\Windows\System]
   • "DisableCMD"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Security Center\Svc]
   • "AntiSpywareOverride"=dword:0x00000000
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000000
   • "FirewallDisableNotify"=dword:0x00000001
   • "FirewallOverride"=dword:0x00000000
   • "FirstRunDisabled"=dword:0x00000001
   • "UacDisableNotify"=dword:0x00000001
   • "UpdatesDisableNotify"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FirewallControlPanel.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\091[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
   • "NoAutoRebootWithLoggedOnUsers"=dword:0x00000001

– [HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%HOME%\%valeurs hexa%\winlogon.exe"="RUNASADMIN"

– [HKLM\Software\Policies\Microsoft\WindowsFirewall\StandardProfile]
   • "EnableFirewall"=dword:0x00000000

– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   ftp\UserChoice]
   • "Progid"="IE.FTP"

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   • "Default_Page_URL"="http://5k32pez9uwowdo0.directorio-w.com"
   • "Default_Search_URL"="http://61ohz4fld059059.directorio-w.com"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\027[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\082.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile]
   • "EnableFirewall"=dword:0x00000000

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\004.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Filemon.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\06.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%valeurs hexa%\winlogon.exe"="%HOME%\%valeurs hexa%\winlogon.exe:*:Enabled:@xpsp2res.dll,-57951861"

– [HKLM\SOFTWARE\Microsoft\Security Center]
   • "AntiSpyWareDisableNotify"=dword:0x00000001
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000000
   • "AutoUpdateDisableNotify"=dword:0x00000001
   • "FirewallDisableNotify"=dword:0x00000001
   • "InternetSettingsDisableNotify"=dword:0x00000001
   • "UacDisableNotify"=dword:0x00000001
   • "cval"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\051.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\'rorre' .exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\084.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\021[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\061[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\052.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ComboFix.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\006.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\827[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Diskmon.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\09.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\
   SymantecAntiVirus]
   • "DisableMonitoring"=dword:0x00000001

– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   https\UserChoice]
   • "Progid"="IE.HTTPS"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\
   003[[=s rav;eslaf=p rav;eslaf=b rav;ib.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

Les clés de registre suivantes sont changées:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   La nouvelle valeur:
   • "DisableSR"=dword:0x00000001

– [HKLM\SOFTWARE\Classes\ftp\shell\open\command]
   La nouvelle valeur:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""

– [HKLM\SYSTEM\CurrentControlSet\Services\Sr]
   La nouvelle valeur:
   • "Start"=dword:0x00000004

– [HKLM\SOFTWARE\Classes\https\shell\open\command]
   La nouvelle valeur:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""

– [HKCU\Control Panel\Sound]
   La nouvelle valeur:
   • "Beep"="no"

– [HKLM\SOFTWARE\Classes\http\shell\open\command]
   La nouvelle valeur:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""

– [HKLM\SOFTWARE\Classes\http\shell\open\ddeexec\Application]
   La nouvelle valeur:
   • "@"="IExplore"

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   La nouvelle valeur:
   • "Disable Script Debugger"="Yes"
   • "Local Page"="http://j4d1677o5i4b992.directorio-w.com"
   • "Search Page"="http://z027305rxhiu861.directorio-w.com"
   • "Start Page"="http://oou30vs938ikf65.directorio-w.com"

– [HKLM\SOFTWARE\Classes\https\shell\open\ddeexec\Application]
   La nouvelle valeur:
   • "@"="IExplore"

– [HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN]
   La nouvelle valeur:
   • "Default_Page_URL"="http://g1sp91vn21u1rm1.directorio-w.com"
   • "Default_Search_URL"="http://589980kqkmulj48.directorio-w.com"
   • "Local Page"="http://cw356qr302m63gl.directorio-w.com"
   • "Search Page"="http://tft17fi9ekwn7u0.directorio-w.com"
   • "Start Page"="http://j147m23v4t1n5ai.directorio-w.com"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   La nouvelle valeur:
   • "Hidden"=dword:0x00000002
   • "HideFileExt"=dword:0x00000003
   • "ShowSuperHidden"=dword:0x00000000
   • "SuperHidden"=dword:0x00000001

– [HKLM\SOFTWARE\Classes\ftp\shell\open\ddeexec\Application]
   La nouvelle valeur:
   • "@"="IExplore"

Hôtes Le fichier hôte est modifié, comme il est expliqué:

– Dans ce cas les entrées existantes sont écrasées

– L'accès aux liens URL suivants est redirigé vers d'autres destinations :
   • 208.109.220.95 viabcp.com; 208.109.220.95 www.viabcp.com;
      208.109.220.95 bcpzonasegura.viabcp.com; 173.236.65.132
      www.produbanco.com; 173.236.65.132 produbanco.com; 173.236.65.132
      www.pichincha.com; 173.236.65.132 pichincha.com; 173.236.65.132
      wwwp1.pichincha.com; 173.236.65.132 wwwp2.pichincha.com;
      173.236.65.132 wwwp3.pichincha.com; 173.236.65.132
      wwwp4.pichincha.com; 173.236.65.132 wwww01.pichincha.com;
      173.236.65.132 wwww02.pichincha.com; 173.236.65.132
      wwww03.pichincha.com; 173.236.65.132 wwww04.pichincha.com;
      69.162.96.136 bn.com.pe; 69.162.96.136 www.bn.com.pe; 69.162.96.136
      zonasegura1.bn.com.pe; 69.162.96.136 www.zonasegura1.bn.com.pe;
      173.236.69.68 www.interbank.com.pe; 173.236.69.68 interbank.com.pe;
      130.108.67.190 iniciorapido.info; 8.228.150.60 www.iniciorapido.info;
      72.173.58.80 buscalo.in; 149.199.47.113 www.buscalo.in; 50.239.117.227
      buscafacil.com; 221.103.12.98 www.buscafacil.com; 28.48.176.49
      emsisoft.com; 105.75.165.150 ahnlab.com; 6.114.235.196 antivir.es;
      177.234.62.135 antiy.net; 240.180.226.87 authentium.com;
      61.206.215.120 avast.com; 219.245.29.233 avg.com; 133.178.180.172
      bitdefender.com; 197.55.88.124 quickheal.com; 17.81.77.157 clamav.net;
      175.189.148.15 comodo.com; 89.53.231.141 drweb.com; 153.254.139.161
      aladdin.com; 230.212.128.194 ca.com; 63.64.198.240 f-prot.com;
      46.184.25.179 f-secure.com; 41.129.1.130 fortinet.com; 186.156.246.163
      gdata.es; 19.195.248.21 ikarus.at; 2.59.143.216 jiangmin.com;
      254.5.51.168 kaspersky.com; 142.31.40.201 mcafee.com; 232.70.110.58
      microsoft.com; 214.191.193.185 eset.es; 210.136.169.205 norman.com;
      30.162.158.238 nprotect.com; 188.202.161.28 pandasecurity.com;
      170.66.56.222 pctools.com; 166.11.220.174 prevx.com; 243.37.209.207
      rising-global.com; 144.145.23.65 sophos.com; 127.9.106.4
      sunbeltsoftware.com; 122.210.14.211 symantec.com; 199.169.3.244
      hacksoft.com.pe; 100.20.73.102 trendmicro.com; 83.140.224.229
      anti-virus.by; 79.86.132.249 hauri.net; 155.44.121.26 virusbuster.hu;
      57.151.191.139 www.emsisoft.com; 39.16.18.10 www.ahnlab.com;
      35.217.182.218 www.antivir.es; 111.243.171.251 www.antiy.net;
      13.27.242.109 www.authentium.com; 251.147.69.47 www.avast.com;
      247.92.45.255 www.avg.com; 68.118.34.32 www.bitdefender.com;
      225.158.36.146 www.quickheal.com; 208.22.187.17 www.clamav.net;
      203.223.95.36 www.comodo.com; 24.250.84.69 www.drweb.com;
      181.33.154.183 www.aladdin.com; 164.221.237.54 www.ca.com;
      159.167.213.6 www.f-prot.com; 236.125.202.39 www.f-secure.com;
      138.232.204.152 www.fortinet.com; 52.97.99.91 www.gdata.es;
      116.42.7.43 www.ikarus.at; 192.0.252.76 www.jiangmin.com;
      94.108.67.190 www.kaspersky.com; 8.228.150.60 www.mcafee.com;
      72.173.58.80 www.microsoft.com; 149.199.47.113 www.eset.es;
      50.239.117.227 www.norman.com; 221.103.12.98 www.nprotect.com;
      28.48.176.49 www.pandasecurity.com; 105.75.165.150 www.pctools.com;
      6.114.235.196 www.prevx.com; 177.234.62.135 www.rising-global.com;
      240.180.226.87 www.sophos.com; 61.206.215.120 www.sunbeltsoftware.com;
      219.245.29.233 www.symantec.com; 133.178.180.172 www.hacksoft.com.pe;
      197.55.88.124 www.trendmicro.com; 17.81.77.157 www.anti-virus.by;
      175.189.148.15 www.hauri.net; 89.53.231.141 www.virusbuster.hu;
      153.254.139.161 www.emsisoft.com; 230.212.128.194 www.anti-trojan.net;
      63.64.198.240 malwarescan.emsisoft.com; 46.184.25.179
      forum.emsisoft.com; 41.129.1.130 www.emsisoft.net; 186.156.246.163
      www.emsisoft.it; 19.195.248.21 www.emsisoft.de; 2.59.143.216
      www.anti-trojan-software.net; 254.5.51.168 mamutu.com; 142.31.40.201
      www.emsisoft.es; 232.70.110.58 malwarescan.emsisoft.de;
      214.191.193.185 ww.emsisoft.com; 210.136.169.205 www.emsisoft.fr;
      30.162.158.238 www.emsisoft.nl; 188.202.161.28
      onlinecheck.emsisoft.com; 170.66.56.222 onlinecheck.emsisoft.de;
      166.11.220.174 www.emsisoft.org; 243.37.209.207 scan.anti-trojan.net;
      144.145.23.65 www.trojaner.info; 127.9.106.4 onlinecheck.emsisoft.org;
      122.210.14.211 onlinecheck.emsisoft.net; 199.169.3.244 blitzblank.com;
      100.20.73.102 www.emsisoft.at; 83.140.224.229 www.emsisoft.jp;
      79.86.132.249 www.mamutu.com; 155.44.121.26 malwarescan.emsisoft.es;
      57.151.191.139 www.mamutu.de; 39.16.18.10 download5.emsisoft.com;
      35.217.182.218 download1.emsisoft.com; 111.243.171.251
      download4.emsisoft.com; 13.27.242.109 global.ahnlab.com; 251.147.69.47
      www.hackshields.com; 247.92.45.255 www.internationalservicecheck.com;
      68.118.34.32 www.irangoals.com; 225.158.36.146 ixomodels.com;
      208.22.187.17 www.indielisboa.com; 203.223.95.36
      www.latin-mass-society.org; 24.250.84.69 www.arpia.be; 181.33.154.183
      www.owen.org; 164.221.237.54 www.prdouglas.co.uk; 159.167.213.6
      www.zarya.info; 236.125.202.39 www.willsee.com; 138.232.204.152
      halmapr.com; 52.97.99.91 karuna-shechen.org; 116.42.7.43
      www.barder.com; 192.0.252.76 www.antivir.es; 94.108.67.190
      www.buraka.tv; 8.228.150.60 www.dr-bull.com; 72.173.58.80
      www.manchester-offices.co.uk; 149.199.47.113 saverssite.com;
      50.239.117.227 canada.karuna-shechen.org; 221.103.12.98
      developmentdrums.org; 28.48.176.49 www.imddomains.co.uk;
      105.75.165.150 cutlines.org; 6.114.235.196 elblogdemanu.com;
      177.234.62.135 ruben.bzin.net; 240.180.226.87 welkam.co.jp;
      61.206.215.120 www.cambridge-steiner-school.co.uk; 219.245.29.233
      naturesimages.net; 133.178.180.172 www.1stavenuelimousines.co.uk;
      197.55.88.124 www.mtr-design.com; 17.81.77.157 dev.depeuter.org;
      175.189.148.15 www.emeraldclassic.co.uk; 89.53.231.141
      www.peterhearnwaste.co.uk; 153.254.139.161 etrr.co.uk; 230.212.128.194
      www.avoncourt.com; 63.64.198.240 sarahmcconnellphotography.net;
      46.184.25.179 www.ixomodels.com; 41.129.1.130 natsko.com;
      186.156.246.163 www.nottinghampoetryseries.com; 19.195.248.21
      www.sheffieldmind.co.uk; 2.59.143.216 ixostore.ixomodels.com;
      254.5.51.168 www.flairweddings.co.uk; 142.31.40.201 www.fimasys.com;
      232.70.110.58 cohartuk.com; 214.191.193.185 qqjkw.net; 210.136.169.205
      vivo-austin.com; 30.162.158.238 www.freeality.com; 188.202.161.28
      bestofewan.com; 170.66.56.222 www.handwritingforkids.com;
      166.11.220.174 cowsmo.com; 243.37.209.207 www.2xlgames.com;
      144.145.23.65 kimzimmer.net; 127.9.106.4 basetendencies.com;
      122.210.14.211 trackingtheworld.com; 199.169.3.244
      www.reviewsofbooks.com; 100.20.73.102 www.collectedcurios.com;
      83.140.224.229 www.renningers.com; 79.86.132.249 ccslaughterspdx.com;
      155.44.121.26 www.briarhurst.com; 57.151.191.139 www.smf.org;
      39.16.18.10 ribbonwarehouse.com; 35.217.182.218 www.garryowen.com;
      111.243.171.251 45pounds.com; 13.27.242.109 isotopecomics.com;
      251.147.69.47 roysephotos.com; 247.92.45.255 www.stadiumpage.com;
      68.118.34.32 www.elvis-express.com; 225.158.36.146
      www.tomorrowsedge.net; 208.22.187.17 www.beautybar.com; 203.223.95.36
      pineleafboys.com; 24.250.84.69 www.mountainlakeslodge.com;
      181.33.154.183 pvtc.org; 164.221.237.54 bhsbees.com; 159.167.213.6
      baristamagazine.com; 236.125.202.39 www.gokidding.com; 138.232.204.152
      defalcos.com; 52.97.99.91 www.celticmerchant.com; 116.42.7.43
      www.hxproduction.com; 192.0.252.76 www.wellgousa.com; 94.108.67.190
      blog.titanium-jewelry.com; 8.228.150.60 www.brightoctober.com;
      72.173.58.80 hishomeforchildren.com; 149.199.47.113
      www.phoenixtrikeworks.com; 50.239.117.227 www.professorbeyer.com;
      221.103.12.98 www.secondchanceboxer.com; 28.48.176.49
      www.residentphotography.com; 105.75.165.150 woottonfootball.com;
      6.114.235.196 www.deborahshelton.net; 177.234.62.135 bobbondart.com;
      240.180.226.87 www.authentium.com; 61.206.215.120 asap.authentium.com;
      219.245.29.233 www.authentium.com.au; 133.178.180.172 avast.com;
      197.55.88.124 www.avast.com; 17.81.77.157 files.avast.com;
      175.189.148.15 download535.avast.com; 89.53.231.141 avg.com;
      153.254.139.161 www.avg.com; 230.212.128.194 grisoft.com;
      63.64.198.240 www.grisoft.com; 46.184.25.179 antivirus-tools.com;
      41.129.1.130 archive.bitdefender.com; 186.156.246.163
      avx.rob-have.net; 19.195.248.21 b-have.orgbitdefender-ar.com;
      2.59.143.216 bitdefender.com; 254.5.51.168 bitdefender.org;
      142.31.40.201 bitdefenderchina.com; 232.70.110.58
      bitdefenderguatemala.com; 214.191.193.185 bitdefendermalaysia.com;
      210.136.169.205 bitdefendertaiwan.com; 30.162.158.238
      bitdefenderuruguay.com; 120.134.93.216 bitdefenderusa.com;
      102.254.244.154 buy.bitdefender-es.com; 98.199.152.106
      buy.bitdefender.com; 175.225.141.139 buy.bitdefender.de; 76.77.211.253
      de.bitdefender.com; 59.197.38.192 fr.bitdefender.com; 54.142.202.143
      futurenow.bitdefender.com; 131.101.191.176 it.bitdefender.com;
      32.208.5.34 jobs.bitdefender.com; 15.72.156.161 kb.bitdefender.com;
      11.18.64.181 kb.bitdefender.de; 87.232.53.214 kb.bitdefender.us;
      245.83.123.71 latin.bitdefender.com; 227.204.206.198
      linux.bitdefender.com; 223.149.114.150 malwarecity.com; 43.175.103.183
      malwarecity.netmalwarecity.org; 201.215.174.41 malwarepedia.com;
      183.79.1.235 neunet.orgnews.bitdefender.com; 179.24.233.187
      nl.bitdefender.com; 0.50.222.220 renewals.bitdefender.com;
      157.90.224.78 sales.bitdefender.com; 140.210.119.205
      square.bitdefender.com; 135.155.27.224 store.bitdefender.com;
      212.182.16.1 store.de.bitdefender.com; 113.221.86.115
      us.bitdefender.com; 96.153.169.242 virusscanonline.net; 92.99.145.194
      wedoantivirus.com; 168.57.134.227 www.antivirus-tools.com;
      70.164.136.84 www.avx.ro; 240.29.31.23 www.bit-defender.de;
      48.230.195.231 www.bitdefende.de; 124.188.184.8
      www.bitdefender-es.com; 26.40.255.122 www.bitdefender.be;
      196.160.82.180 www.bitdefender.cl; 192.37.178.200
      www.bitdefender.co.uk; 13.64.167.233 www.bitdefender.com;
      170.103.237.91 www.bitdefender.com.au; 85.223.132.218
      www.bitdefender.com.sg; 148.168.40.169 www.bitdefender.com.tw;
      225.195.29.14 www.bitdefender.com.vn; 126.234.99.60
      www.bitdefender.de; 41.98.182.255 www.bitdefender.es; 105.44.90.207
      www.bitdefender.fr; 181.70.79.240 www.bitdefender.hk; 83.109.149.97
      www.bitdefender.us; 253.42.44.36 www.bitdefenderme.com; 61.175.208.244
      www.malwarecity.com; 137.201.197.21 www.malwarecity.fr; 39.53.12.135
      quickheal.com; 209.173.95.5 www.quickheal.com; 17.118.3.25
      www.clamav.net; 94.77.248.58 cgi.clamav.net; 183.184.62.104
      lurker.clamav.net; 166.48.145.43 wwws.clamav.net; 161.249.121.250
      lists.clamav.net; 238.208.42.215 bugs.clamav.net; 71.247.44.73
      system-cleaner.comodo.com; 54.111.195.12 backup.comodo.com;
      50.57.103.220 www.comodoantispam.com; 194.83.92.253
      easy-vpn.comodo.com; 28.122.162.110 www.trustlogo.com; 10.243.245.237
      ztl.comodo.com; 6.188.221.1 www.livepcsupport.com; 82.214.210.34
      www.whichssl.com; 240.254.213.80 www.trustix.com; 222.118.108.18
      disk-encryption.comodo.com; 218.63.16.226 speedtest.comodo.com;
      39.90.5.3 www.contentverification.com; 196.197.75.117 idauthority.com;
      179.61.158.56 www.comodo.tv; 174.6.66.7 online-backup.comodo.com;
      251.221.55.40 www.testmypcsecurity.com; 152.72.125.154
      www.ccssforum.org; 135.192.20.25 i-vault.comodo.com; 131.138.184.45
      internetsecurity.comodo.com; 207.96.173.78 www.comodopartners.com;
      109.203.243.191 timestamp.comodoca.com; 91.68.70.62
      secure-email.comodo.com; 87.13.234.14 timestamp.wosign.com;
      163.39.224.47 rover800.gaima.co.uk; 65.79.38.161 www.nsclean.com;
      47.199.121.99 www.contentverification.com; 43.144.97.51
      new-estore.drweb.com; 120.171.86.84 support.drweb.com; 50.238.116.226
      pda.drweb.com; 32.103.11.97 updates.drweb.com; 28.48.175.117
      drweb.com; 104.74.164.150 vms.drweb.com; 6.114.235.8
      solutions.drweb.com; 244.46.62.134 news.drweb.com; 240.247.38.86
      my.drweb.com; 61.206.27.119 buy.drweb.com; 218.57.29.233
      products.drweb.com; 133.177.180.172 new-support.drweb.com;
      196.122.88.123 promotions.drweb.com; 17.81.77.156 network.drweb.com;
      174.188.147.14 customers.drweb.com; 89.52.230.141 store.drweb.com;
      153.254.138.161 company.drweb.com; 229.24.127.194 training.drweb.com;
      131.63.197.51 license.drweb.com; 45.184.92.178 cureit.ru;
      109.129.0.130 free.drweb.com; 185.155.245.231 info.drweb.com;
      87.195.60.21 new-partners.drweb.com; 1.59.143.215 drweb.net;
      65.4.51.167 new-company.drweb.com; 142.31.40.200 new-beta.drweb.com;
      43.70.110.58 new-forum.drweb.com; 214.2.5.253 secure.av-desk.com;
      21.135.169.204 www.av-desk.com; 98.162.158.237
      new-solutions.drweb.com; 255.13.228.95 new-www.drweb.com;
      170.133.55.222 www.freedrweb.ru; 234.79.219.242 daniloff.net;
      54.37.208.19 drweb-inside.com; 144.144.22.64 drwebinside.com;
      126.9.105.3 aladdin.com; 122.210.81.211 alladdin.ru; 10.236.70.244
      chickensroamfree.com; 100.20.73.102 ealaddin.net; 82.140.224.40
      ealaddin.orgeshop.aladdin.com; 78.85.132.248 secureme.com;
      223.111.121.25 www.aks.com; 56.151.191.139 www.aladdin.com;
      39.15.18.10 www.ealaddin.com; 34.216.182.217 www.ealaddin.com;
      43.175.171.250 auwww.ealaddin.nl; 200.214.173.40 www.esafe.com;
      183.78.68.235 www.hasp.se; 179.24.232.187 www.safenet-inc.com;
      255.50.221.220 www3.safenet-inc.com; 157.157.35.77 www.ca.com;
      139.22.118.16 cacomvip.ca.com; 135.223.26.224 www.netegrity.com;
      211.181.16.1 search.ca.com; 113.33.86.115 cai.com; 95.153.237.241
      www.f-prot.com; 91.98.145.5 frisk-software.com; 168.57.134.38
      www.frisk.is; 69.164.204.152 www.frisk-software.com; 52.28.31.23
      f-secure.com; 47.229.195.230 f-secure.frf-secure.hk; 124.0.184.7
      f-secure.nlfsecure.com; 25.39.254.121 fsecure.nlwebyard.com;
      8.159.81.60 www.f-secure.com; 4.105.57.12 www.fsecure.com;
      80.131.46.45 www.virus.fi; 238.170.48.158 fortihero.com; 220.35.199.29
      fortilog.com; 216.236.107.49 fortinet.co.at; 36.6.96.14 fortinet.com;
      126.234.99.128 fortiprotect.com; 108.166.182.254 fortiwifi.com;
      104.111.158.206 www.apsecure.com; 181.70.147.239 www.fortifed.com;
      82.177.149.97 www.fortiid.com; 253.41.44.36 www.fortimail.com;
      60.242.208.243 www.fortinet-apac.com; 137.201.197.20 www.fortinet.ch;
      38.52.11.134 www.fortinet.co.il; 209.172.94.5 www.fortinet.com;
      17.118.2.25 www.fortinet.com; 93.144.247.58 arwww.fortinet.cz;
      251.183.61.171 www.fortinet.net; 165.48.212.42 www.fortinet.nl;
      229.249.120.250 www.fortinet.sg; 49.19.110.95 www.fortinetuk.com;
      207.59.180.141 www.secure-elements.com; 121.179.7.79 gdata.es;
      185.124.171.31 www.gdata.es; 6.151.160.64 ikarus.at; 163.190.230.178
      www.ikarus.at; 78.122.125.117 global.jiangmin.com; 141.255.33.1
      jiangmin.com.cn; 150.214.210.33 jiangmin.com; 51.65.24.147
      www.jiangmin.com.cn; 222.185.107.18 www.kaspersky.com; 30.131.15.38
      forum.kaspersky.com; 106.89.4.71 support.kaspersky.co; 196.196.158.200
      usa.kaspersky.com; 6.145.241.139 brazil.kaspersky.com; 2.90.217.91
      latam.kaspersky.com; 146.116.206.124 kaspersky.com; 236.156.209.238
      me.kaspersky.com; 218.20.104.176 images.kaspersky.com; 214.221.12.128
      www.mcafee.com; 103.247.1.161 support.mcafee.com; 192.31.71.19
      msr.mcafee.com; 175.151.154.146 home.mcafee.com; 170.96.130.165
      networkassociates.com; 247.123.119.198 us.mcafee.com; 148.162.121.244
      tr.mcafee.com; 131.26.16.183 au.mcafee.com; 126.228.180.135
      mx.mcafee.com; 135.186.101.100 networkassociates.nai.com;
      37.37.171.213 go.mcafee.com; 19.158.254.152 fr.mcafee.com;
      15.103.162.104 uk.mcafee.com; 91.61.151.137 de.mcafee.com;
      249.169.222.251 obscgi.mcafee.com; 231.33.117.121 nai.com;
      227.234.25.141 www.entercept.com; 48.192.14.174 jp.mcafee.com;
      205.44.84.32 mcafeeb2b.com; 188.164.167.159 cn.mcafee.com;
      183.109.75.110 service.mcafee.com; 4.136.64.143 br.mcafee.com;
      161.175.134.1 www.mcafee.at; 144.39.217.196 mcafeeretail.com;
      140.241.193.148 it.mcafee.com; 216.11.182.181 tw.mcafee.com;
      118.50.184.38 privacy.microsoft.com; 100.171.79.165 tempuri.org;
      252.16.144.85 schemas.xmlsoap.org; 72.42.133.118 www.microsoft.com;
      230.82.203.232 specs.xmlsoap.org; 213.14.30.103
      www.eugrantsadvisor.ie; 208.215.6.54 schemas.microsoft.com;
      29.174.251.87 encarta.msn.com; 186.25.253.201 www.sysinternals.com;
      101.145.148.140 grv.microsoft.com; 164.91.56.92 www.xmlsoap.org;
      241.49.45.124 www.eugrantsadvisor.se; 142.156.115.238
      www.eugrantsadvisor.com; 57.20.198.109 research.microsoft.com;
      121.222.106.129 www.engyro.com; 197.248.95.162
      www.exchangeyourcareer.com; 99.31.165.19 www.eugrantsadvisor.de;
      13.152.60.146 exchangeyourcareer.net; 77.97.225.98 eugrantsadvisor.de;
      153.123.214.199 eugrantsadvisor.cz; 243.95.216.177 www.eset.es;
      158.215.43.116 demos.eset.es; 221.160.207.67 descargas.eset.es;
      42.187.196.100 blogs.protegerse.com; 199.226.10.214 eos.eset.es;
      114.158.161.153 pedidos.protegerse.com; 177.36.69.105
      reg-int.nod32-es.com; 254.62.58.137 reg.eset.es; 155.169.128.251
      vicentevirtual.com; 70.33.211.122 cou85.com; 134.235.119.142
      www.norman.com; 210.193.108.175 fsc.norman.com; 44.44.178.220
      nprobeta.norman.com; 26.165.5.159 register.norman.com; 22.110.238.111
      webadmin.norman.no; 166.136.227.144 sandbox.norman.com; 0.176.229.2
      www.nprotect.com; 239.40.124.197 global.nprotect.com; 234.241.32.148
      www.nprotect.co.kr; 123.12.21.181 www.npin.co.kr; 144.239.23.227
      siren24.nprotect.com; 127.103.106.98 15660808.co.kr; 122.49.82.118
      biz.nprotect.com; 199.75.71.150 nprotect.net; 101.114.73.196
      www.nprotect.com.br; 83.234.224.135 liveprotect.net; 79.180.132.87
      nprotect.seoul.go.kr; 155.206.121.120 chollian.nprotect.co.kr;
      57.57.191.233 www.pandasecurity.com; 39.178.18.172
      research.pandasecurity.com; 35.123.183.124 support.pandasecurity.com;
      111.81.172.157 pandalabs.pandasecurity.com; 13.189.242.15
      pandasecurity.com; 252.53.137.142 mop.pandasecurity.com;
      247.254.45.161 timeforyourbusi.pandasecurity.com; 68.213.34.194
      cybercrime.pandasecurity.com; 225.64.104.52 free.pandasecurity.com;
      208.184.187.179 cloudprotection.pandasecurity.com; 203.130.95.131
      shop.pandasecurity.com; 24.156.84.163 soporte.pandasecurity.com;
      114.127.86.209 together.pctools.com; 96.248.169.148 www.prevx.com;
      92.193.145.100 info.prevx.com; 168.219.134.133 free.prevx.com;
      70.2.136.246 spywarefiles.prevx.com; 52.123.31.117
      spywaredlls.prevx.com; 48.68.196.137 shield.prevx.com; 124.94.185.170
      www.prevx1.com; 26.134.255.28 howsafeismypc.com; 9.66.82.155
      www.retento.com; 4.11.58.106 www.freerav.com; 81.226.47.139
      www.rising-global.com; 238.77.49.253 www.risingav.com.au;
      153.197.200.192 support.rising-global.com; 216.143.108.144
      superboy2010.com.au; 37.101.97.176 www.sophos.com; 195.208.167.34
      feeds.sophos.com; 109.73.250.161 esp.sophos.com; 173.18.158.181
      cn.sophos.com; 249.44.147.214 tw.sophos.com; 151.83.217.71
      kr.sophos.com; 29.168.76.162 sophos.com; 93.113.240.114
      podcasts.sophos.com; 169.139.230.215 www.sunbeltsoftware.com;
      71.179.44.5 go.sunbeltsoftware.com; 242.43.127.199
      oem.sunbeltsoftware.com; 49.244.35.151 antispam.sunbeltsoftware.com;
      126.15.24.184 antispyware.sunbeltsoftware.com; 27.54.94.42
      antivirus.sunbeltsoftware.com; 198.242.245.237 sunbeltsoftware.com;
      5.119.153.189 shop.sunbeltsoftware.com; 82.146.142.221
      live.sunbeltsoftware.com; 239.253.212.79 firewall.sunbeltsoftware.com;
      154.117.39.206 www.symantec.com; 218.63.203.226 security.symantec.com;
      38.21.192.3 securityrespons.symantec.com; 128.128.6.48
      service1.symantec.com; 110.249.89.243 enterprisesecur.symantec.com;
      106.194.65.195 eval.symantec.com; 250.220.55.228 symantec.com;
      84.4.57.86 definitions.symantec.com; 67.124.208.24
      investor.symantec.com; 62.69.116.232 et.symantec.com; 207.96.105.9
      sfdoccentral.symantec.com; 40.135.175.123 servicenews.symantec.com;
      211.187.190.182 securityrespons.symantec.com; 206.132.166.202
      sea.symantec.com; 27.159.155.234 go.symantec.com; 184.198.157.24
      dell.symantec.com; 167.62.52.219 sun.symantec.com; 163.8.216.171
      marian.symantec.com; 239.34.205.204 tms.symantec.com; 141.141.19.61
      securitycheck.symantec.com; 123.6.102.0 smallbiz.symantec.com;
      119.207.10.208 www.symantec.com; 195.165.0.241
      visualtracking.symantec.com; 97.17.70.99 search.symantec.com;
      80.137.221.225 liveupdate.symantec.com; 75.82.129.245
      sitedirector.symantec.com; 152.41.118.22 edm.symantec.com;
      53.148.188.136 hostedmailsecur.symantec.com; 36.12.15.7
      www4.symantec.com; 31.213.179.215 education.symantec.com;
      108.240.168.247 vos.symantec.com; 9.23.238.105 www.hacksoft.com.pe;
      248.143.65.44 hacksoft.pe; 244.89.41.252 www.hacksoft.pe; 64.115.30.29
      housecall.trendmicro.com; 222.154.32.142 www.trendmicro.com;
      204.19.183.13 housecall65.trendmicro.com; 200.220.91.33
      us.trendmicro.com; 208.178.13.254 blog.trendmicro.com; 110.218.83.112
      emea.trendmicro.com; 93.150.166.238 housecall60.trendmicro.com;
      88.95.142.190 jp.trendmicro.com; 165.54.131.223 de.trendmicro.com;
      66.161.133.81 it.trendmicro.com; 237.25.28.20 itw.trendmicro.com;
      44.227.192.228 esupport.trendmicro.com; 121.185.181.4
      es.trendmicro.com; 22.36.251.118 br.trendmicro.com; 193.156.78.245
      tw.trendmicro.com; 1.102.242.9 la.trendmicro.com; 77.128.231.42
      uk.trendmicro.com; 235.167.45.155 ru.trendmicro.com; 149.32.196.26
      smbstore.trendmicro.com; 213.233.104.234 apac.trendmicro.com;
      33.3.94.79 store.trendmicro.com; 191.43.164.125
      training.trendmicro.com; 106.163.247.63 trial.trendmicro.com;
      169.108.155.15 ushousecall02.trendmicro.com; 246.135.144.48
      subwiz.trendmicro.com; 147.174.214.162 go.trendmicro.com;
      62.106.109.101 feeds.trendmicro.com; 125.240.17.53
      channelpartner.trendmicro.com; 202.10.6.85 wtc.trendmicro.com;
      35.49.8.131 shop.trendmicro.com; 206.169.91.2 fr.trendmicro.com;
      14.115.255.22 threatinfo.trendmicro.com; 90.73.244.55
      newsletters.trendmicro.com; 180.180.58.100 www.anti-virus.by;
      162.45.141.39 bg.virusblokada.com; 158.246.118.247 www.vba.com.by;
      46.16.107.24 beta.anti-virus.by; 136.56.109.138
      www.bg.virusblokada.com; 119.176.4.76 www.hauri.net; 114.121.168.28
      www.hauri.co.kr; 3.148.157.61 company.hauri.net; 92.187.227.175
      www.globalhauri.com; 75.51.54.46 shop.hauri.co.kr; 70.253.30.66
      hauri.co.kr; 147.23.19.98 pg.hauri.net; 48.62.21.144
      esecurity.livecall.co.kr; 31.182.172.83 mall.hauri.co.kr; 27.128.80.35
      company.hauri.co.kr; 103.154.69.68 haurijapan.com; 5.5.139.181
      virobot.co.kr; 243.126.222.120 www.virusbuster.hu; 11.99.158.100
      virusbuster.hu; 87.57.147.133 scanner.novirusthanks.org;
      245.164.217.246 scanner2.novirusthanks.or; 227.29.112.117
      novirusthanks.org; 223.230.20.137 www.novirusthanks.org; 43.188.10.170
      virustotal.com; 201.40.80.28 www.virustotal.com; 184.160.163.154
      virscan.org; 179.105.71.106 www.virscan.org; 0.132.60.139
      virusscan.jotti.org; 157.171.130.253 jotti.org; 140.35.213.192
      www.jotti.org; 135.237.189.144 viruschief.com; 212.7.178.176
      www.viruschief.com; 113.46.180.34 scanner.virus.org; 96.166.75.161
      virus.org; 92.112.239.181 www.virus.org; 168.138.228.214 scan4you.net;
      70.177.42.71 www.scan4you.net; 52.110.125.198 avhide.com;
      48.55.101.150 www.avhide.com; 56.201.23.115 anubis.iseclab.org;
      214.53.25.229 iseclab.org; 129.173.176.167 www.iseclab.org;
      192.118.84.119 threatexpert.com; 13.77.73.152 www.threatexpert.com

Informations divers Il vérifie l'existence d'une connexion Internet en contactant le site web suivant:
• http://www.whatismyip.org

Mutex:
Il crée le Mutex suivant:
• @0MPfV5@mqt

Détails de fichier Langage de programmation:
Le fichier a été écrit en Visual Basic.

Logiciel de compression des fichiers exécutables:
Afin d'entraver la détection et de réduire la taille du fichier il est compressé avec un logiciel de compression des exécutables.

Description insérée par Petre Galan le mercredi 24 novembre 2010
Description mise à jour par Petre Galan le mercredi 24 novembre 2010

Retour . . . .

Produits phares

Plus de produits

Les plus populaires

Tous les produits

Particuliers

Entreprises

Virus Lab

Support avancé

Programme Avira Partner

Particuliers

Entreprises

Une simple évaluation vous suffit ?

Manuels et outils

Produits phares

Plus de produits

Les plus populaires

Tous les produits

Particuliers

Entreprises

Virus Lab

Support avancé

Programme Avira Partner

Particuliers

Entreprises

Une simple évaluation vous suffit ?

Manuels et outils