BackDoor.Siggen.37949

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxescore.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxesapp.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxeserv.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxedefend.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksmsvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksmgui.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpopserver.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwstray.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxetray.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vgchsvx.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwServ.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FilMsg.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Twister.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SpIDerMl.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avfwsvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spideragent.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwengine.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spidernt.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderui.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCMgr.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCMgr_tz_Setup.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPConfig.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCAddWidget.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvexpert.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCTray.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knsdsvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knsdtray.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knsdwsc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knsd.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCUPDATE.EXE] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCRTP.EXE] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SuperKiller.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwsupd.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeTray.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsSvHost.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeSvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upsvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfefire.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3PScan.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3SP.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsmgrsvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPSvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfevtps.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MOBKbackup.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastSvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\РЮёґ№¤ѕЯ.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360speedld.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360se.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TmProxy.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfCtlCom.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UfSeAgnt.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SAFE_INSTALLER.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMBMSRV.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcods.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msksrver.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe] 'Debugger' = 'ntsd -d'
[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe] 'Debugger' = 'ntsd -d'

Создает следующие сервисы:

[<HKLM>\SYSTEM\ControlSet001\Services\AppMgmt] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\2FA4073A] 'Start' = '00000002'

Заражает следующие исполняемые системные файлы:

<SYSTEM32>\appmgmts.dll

Вредоносные функции:

Запускает на исполнение:

<SYSTEM32>\reg.exe export HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt %WINDIR%\TEMP\r4d68367d.txt
<SYSTEM32>\reg.exe import "%TEMP%\r18105f5d.txt"
<SYSTEM32>\reg.exe export "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layouts" "%TEMP%\r18105f5d.txt"

Устраняет перехваты фукнций в SSDT (System Service Descriptor Table).

Изменения в файловой системе:

Создает следующие файлы:

%WINDIR%\Temp\s4e567ea7.txt
<SYSTEM32>\2FA4073A.sys
\Device\LanmanRedirector\WORKGROUP*\MAILSLOT\NET\NETLOGON
%WINDIR%\Temp\r4d68367d.txt
%TEMP%\1D3247CF.log
C:\Documents and Settings\Infotmp.txt
%TEMP%\r18105f5d.txt
<SYSTEM32>\1D320578.tmp

Удаляет следующие файлы:

%WINDIR%\Temp\r4d68367d.txt
<SYSTEM32>\1D320578.tmp
%WINDIR%\Temp\s4e567ea7.txt
%TEMP%\r18105f5d.txt
C:\Documents and Settings\Infotmp.txt

Самоудаляется.

Сетевая активность:

Подключается к:

'10.#.0.164':139
'10.#.0.165':445
'10.#.0.165':139
'10.#.0.162':139
'10.#.0.163':445
'10.#.0.164':445
'10.#.0.166':445
'10.#.0.169':445
'10.#.0.169':139
'10.#.0.170':445
'10.#.0.167':445
'10.#.0.167':139
'10.#.0.168':445
'10.#.0.162':445
'10.#.0.155':139
'10.#.0.156':445
'10.#.0.156':139
'10.#.0.154':445
'10.#.0.154':139
'10.#.0.155':445
'10.#.0.157':445
'10.#.0.159':445
'10.#.0.160':445
'10.#.0.161':445
'10.#.0.157':139
'10.#.0.158':445
'10.#.0.158':139
'10.#.0.171':445
'10.#.0.182':445
'10.#.0.182':139
'10.#.0.183':445
'10.#.0.180':445
'10.#.0.181':445
'10.#.0.181':139
'10.#.0.184':445
'10.#.0.187':445
'10.#.0.188':445
'10.#.0.188':139
'10.#.0.185':445
'10.#.0.186':445
'10.#.0.186':139
'10.#.0.179':139
'10.#.0.173':445
'10.#.0.174':445
'10.#.0.174':139
'10.#.0.171':139
'10.#.0.96':80
'10.#.0.172':445
'10.#.0.175':445
'10.#.0.177':139
'10.#.0.178':445
'10.#.0.179':445
'10.#.0.175':139
'10.#.0.176':445
'10.#.0.177':445
'10.#.0.153':139
'10.#.0.134':445
'10.#.0.134':139
'10.#.0.135':445
'10.#.0.132':445
'10.#.0.132':139
'10.#.0.133':445
'10.#.0.136':445
'10.#.0.138':139
'10.#.0.139':445
'10.#.0.140':445
'10.#.0.137':445
'10.#.0.137':139
'10.#.0.138':445
'10.#.0.131':139
'10.#.0.126':445
'10.#.0.127':445
'10.#.0.127':139
'10.#.0.124':139
'10.#.0.125':445
'10.#.0.125':139
'10.#.0.128':445
'10.#.0.130':445
'10.#.0.130':139
'10.#.0.131':445
'10.#.0.128':139
'10.#.0.129':445
'10.#.0.129':139
'10.#.0.140':139
'10.#.0.72':80
'10.#.0.33':80
'10.#.0.150':445
'10.#.0.149':445
'10.#.0.149':139
'10.#.0.5':80
'10.#.0.150':139
'10.#.0.152':445
'10.#.0.152':139
'10.#.0.153':445
'10.#.0.86':80
'10.#.0.4':80
'10.#.0.151':445
'10.#.0.148':139
'10.#.0.142':139
'10.#.0.143':445
'10.#.0.143':139
'10.#.0.141':445
'10.#.0.141':139
'10.#.0.142':445
'10.#.0.144':445
'10.#.0.146':445
'10.#.0.147':445
'10.#.0.148':445
'10.#.0.144':139
'10.#.0.145':445
'10.#.0.145':139
'10.#.0.189':445
'10.#.0.233':139
'10.#.0.234':445
'10.#.0.234':139
'10.#.0.232':445
'10.#.0.232':139
'10.#.0.233':445
'10.#.0.235':445
'10.#.0.237':445
'10.#.0.237':139
'10.#.0.239':445
'10.#.0.236':445
'10.#.0.238':445
'10.#.0.238':139
'10.#.0.231':445
'10.#.0.224':139
'10.#.0.225':445
'10.#.0.225':139
'10.#.0.222':445
'10.#.0.223':445
'10.#.0.224':445
'10.#.0.226':445
'10.#.0.228':445
'10.#.0.229':445
'10.#.0.230':445
'10.#.0.226':139
'10.#.0.227':445
'10.#.0.227':139
'10.#.0.239':139
'10.#.0.249':445
'10.#.0.250':445
'10.#.0.250':139
'10.#.0.247':445
'10.#.0.247':139
'10.#.0.248':445
'10.#.0.251':445
'10.#.0.253':445
'10.#.0.254':445
'10.#.0.254':139
'10.#.0.251':139
'10.#.0.252':445
'10.#.0.252':139
'10.#.0.246':139
'10.#.0.241':139
'10.#.0.242':445
'10.#.0.242':139
'10.#.0.240':445
'10.#.0.240':139
'10.#.0.241':445
'10.#.0.243':445
'10.#.0.245':445
'10.#.0.245':139
'10.#.0.246':445
'10.#.0.243':139
'10.#.0.244':445
'10.#.0.244':139
'10.#.0.221':139
'10.#.0.198':139
'10.#.0.199':445
'10.#.0.200':445
'10.#.0.196':139
'10.#.0.197':445
'10.#.0.198':445
'10.#.0.200':139
'10.#.0.203':445
'10.#.0.203':139
'10.#.0.204':445
'10.#.0.201':445
'10.#.0.202':445
'10.#.0.202':139
'10.#.0.196':445
'10.#.0.191':445
'10.#.0.192':445
'10.#.0.192':139
'10.#.0.189':139
'10.#.0.190':445
'10.#.0.190':139
'10.#.0.193':445
'10.#.0.195':445
'10.#.0.195':139
'10.#.0.100':80
'10.#.0.193':139
'10.#.0.194':445
'10.#.0.194':139
'10.#.0.204':139
'10.#.0.215':139
'10.#.0.216':445
'10.#.0.216':139
'10.#.0.213':139
'10.#.0.214':445
'10.#.0.215':445
'10.#.0.217':445
'10.#.0.219':445
'10.#.0.220':445
'10.#.0.221':445
'10.#.0.217':139
'10.#.0.218':445
'10.#.0.218':139
'10.#.0.213':445
'10.#.0.207':139
'10.#.0.208':445
'10.#.0.208':139
'10.#.0.205':445
'10.#.0.206':445
'10.#.0.207':445
'10.#.0.209':445
'10.#.0.211':445
'10.#.0.211':139
'10.#.0.212':445
'10.#.0.209':139
'10.#.0.210':445
'10.#.0.210':139
'10.#.0.42':445
'10.#.0.42':139
'10.#.0.43':445
'10.#.0.40':139
'10.#.0.41':445
'10.#.0.41':139
'10.#.0.43':139
'10.#.0.46':445
'10.#.0.46':139
'10.#.0.47':445
'10.#.0.44':445
'10.#.0.45':445
'10.#.0.45':139
'10.#.0.40':445
'10.#.0.34':139
'10.#.0.35':445
'10.#.0.36':445
'10.#.0.33':445
'10.#.0.33':139
'10.#.0.34':445
'10.#.0.36':139
'10.#.0.38':139
'10.#.0.39':445
'10.#.0.39':139
'10.#.0.37':445
'10.#.0.37':139
'10.#.0.38':445
'10.#.0.47':139
'10.#.0.57':139
'10.#.0.58':445
'10.#.0.58':139
'10.#.0.56':445
'10.#.0.56':139
'10.#.0.57':445
'10.#.0.59':445
'10.#.0.61':445
'10.#.0.61':139
'10.#.0.62':445
'10.#.0.59':139
'10.#.0.60':445
'10.#.0.60':139
'10.#.0.55':139
'10.#.0.49':139
'10.#.0.50':445
'10.#.0.50':139
'10.#.0.48':445
'10.#.0.48':139
'10.#.0.49':445
'10.#.0.51':445
'10.#.0.54':445
'10.#.0.54':139
'10.#.0.55':445
'10.#.0.52':445
'10.#.0.53':445
'10.#.0.53':139
'10.#.0.32':139
'10.#.0.13':445
'10.#.0.13':139
'10.#.0.14':445
'10.#.0.11':445
'10.#.0.12':445
'10.#.0.12':139
'10.#.0.14':139
'10.#.0.16':139
'10.#.0.17':445
'10.#.0.17':139
'10.#.0.15':445
'10.#.0.15':139
'10.#.0.16':445
'10.#.0.10':445
'10.#.0.5':139
'10.#.0.6':445
'10.#.0.2':445
'20#.#5.123.172':8080
'10.#.0.4':445
'10.#.0.5':445
'10.#.0.2':139
'10.#.0.8':139
'10.#.0.9':445
'10.#.0.9':139
'10.#.0.3':445
'10.#.0.7':445
'10.#.0.8':445
'10.#.0.18':445
'10.#.0.27':139
'10.#.0.28':445
'10.#.0.28':139
'10.#.0.25':139
'10.#.0.26':445
'10.#.0.27':445
'20#.#5.123.174':8080
'10.#.0.30':139
'10.#.0.31':445
'10.#.0.32':445
'10.#.0.29':445
'10.#.0.29':139
'10.#.0.30':445
'10.#.0.25':445
'10.#.0.20':445
'10.#.0.20':139
'10.#.0.21':445
'10.#.0.18':139
'10.#.0.19':445
'10.#.0.19':139
'10.#.0.21':139
'10.#.0.23':139
'10.#.0.24':445
'10.#.0.24':139
'10.#.0.22':445
'10.#.0.22':139
'10.#.0.23':445
'10.#.0.62':139
'20#.#5.123.173':8080
'10.#.0.103':445
'10.#.0.104':445
'10.#.0.101':445
'10.#.0.102':445
'10.#.0.102':139
'10.#.0.105':445
'10.#.0.107':445
'10.#.0.108':445
'10.#.0.109':445
'10.#.0.105':139
'10.#.0.106':445
'10.#.0.106':139
'10.#.0.100':139
'10.#.0.94':139
'10.#.0.95':445
'10.#.0.95':139
'10.#.0.93':445
'10.#.0.93':139
'10.#.0.94':445
'10.#.0.96':445
'10.#.0.98':445
'10.#.0.99':445
'10.#.0.100':445
'10.#.0.96':139
'10.#.0.97':445
'10.#.0.97':139
'10.#.0.109':139
'10.#.0.119':139
'10.#.0.120':445
'10.#.0.120':139
'10.#.0.118':445
'10.#.0.118':139
'10.#.0.119':445
'10.#.0.121':445
'10.#.0.123':445
'10.#.0.123':139
'10.#.0.124':445
'10.#.0.121':139
'10.#.0.122':445
'10.#.0.122':139
'10.#.0.117':139
'10.#.0.112':445
'10.#.0.113':445
'10.#.0.113':139
'10.#.0.110':445
'10.#.0.111':445
'10.#.0.111':139
'10.#.0.114':445
'10.#.0.116':445
'10.#.0.116':139
'10.#.0.117':445
'10.#.0.114':139
'20#.#5.123.170':8080
'10.#.0.115':445
'10.#.0.92':139
'10.#.0.71':139
'10.#.0.72':445
'10.#.0.72':139
'10.#.0.70':445
'10.#.0.70':139
'10.#.0.71':445
'10.#.0.73':445
'10.#.0.75':445
'10.#.0.75':139
'10.#.0.76':445
'10.#.0.73':139
'10.#.0.74':445
'10.#.0.74':139
'10.#.0.69':139
'10.#.0.64':139
'10.#.0.65':445
'10.#.0.65':139
'10.#.0.63':445
'10.#.0.63':139
'10.#.0.64':445
'10.#.0.66':445
'10.#.0.68':445
'10.#.0.68':139
'10.#.0.69':445
'10.#.0.67':445
'10.#.0.67':139
'20#.#5.123.171':8080
'10.#.0.76':139
'10.#.0.85':139
'10.#.0.86':445
'10.#.0.87':445
'10.#.0.84':445
'10.#.0.84':139
'10.#.0.85':445
'10.#.0.87':139
'10.#.0.90':139
'10.#.0.91':445
'10.#.0.92':445
'10.#.0.88':445
'10.#.0.89':445
'10.#.0.90':445
'10.#.0.83':139
'10.#.0.78':139
'10.#.0.79':445
'10.#.0.79':139
'10.#.0.77':445
'10.#.0.77':139
'10.#.0.78':445
'10.#.0.80':445
'10.#.0.82':445
'10.#.0.82':139
'10.#.0.83':445
'10.#.0.80':139
'10.#.0.81':445
'10.#.0.81':139

UDP:

DNS ASK www.ba##u.com
DNS ASK www.nx###477.info
'10.#.0.169':0
'10.#.0.170':0
'10.#.0.167':0
'10.#.0.168':0
'10.#.0.173':0
'10.#.0.174':0
'10.#.0.171':0
'10.#.0.172':0
'10.#.0.161':0
'10.#.0.162':0
'10.#.0.159':0
'10.#.0.160':0
'10.#.0.165':0
'10.#.0.166':0
'10.#.0.163':0
'10.#.0.164':0
'10.#.0.185':0
'10.#.0.186':0
'10.#.0.183':0
'10.#.0.184':0
'10.#.0.189':0
'10.#.0.190':0
'10.#.0.187':0
'10.#.0.188':0
'10.#.0.177':0
'10.#.0.178':0
'10.#.0.175':0
'10.#.0.176':0
'10.#.0.181':0
'10.#.0.182':0
'10.#.0.179':0
'10.#.0.180':0
'10.#.0.137':0
'10.#.0.138':0
'10.#.0.135':0
'10.#.0.136':0
'10.#.0.141':0
'10.#.0.142':0
'10.#.0.139':0
'10.#.0.140':0
'10.#.0.129':0
'10.#.0.130':0
'10.#.0.127':0
'10.#.0.128':0
'10.#.0.133':0
'10.#.0.134':0
'10.#.0.131':0
'10.#.0.132':0
'10.#.0.153':0
'10.#.0.154':0
'10.#.0.151':0
'10.#.0.152':0
'10.#.0.157':0
'10.#.0.158':0
'10.#.0.155':0
'10.#.0.156':0
'10.#.0.145':0
'10.#.0.146':0
'10.#.0.143':0
'10.#.0.144':0
'10.#.0.149':0
'10.#.0.150':0
'10.#.0.147':0
'10.#.0.148':0
'10.#.0.191':0
'10.#.0.234':0
'10.#.0.235':0
'10.#.0.232':0
'10.#.0.233':0
'10.#.0.238':0
'10.#.0.239':0
'10.#.0.236':0
'10.#.0.237':0
'10.#.0.226':0
'10.#.0.227':0
'10.#.0.224':0
'10.#.0.225':0
'10.#.0.230':0
'10.#.0.231':0
'10.#.0.228':0
'10.#.0.229':0
'10.#.0.250':0
'10.#.0.251':0
'10.#.0.248':0
'10.#.0.249':0
'10.#.0.254':0
'10.#.0.255':0
'10.#.0.252':0
'10.#.0.253':0
'10.#.0.242':0
'10.#.0.243':0
'10.#.0.240':0
'10.#.0.241':0
'10.#.0.246':0
'10.#.0.247':0
'10.#.0.244':0
'10.#.0.245':0
'10.#.0.202':0
'10.#.0.203':0
'10.#.0.200':0
'10.#.0.201':0
'10.#.0.206':0
'10.#.0.207':0
'10.#.0.204':0
'10.#.0.205':0
'10.#.0.194':0
'10.#.0.195':0
'10.#.0.192':0
'10.#.0.193':0
'10.#.0.198':0
'10.#.0.199':0
'10.#.0.196':0
'10.#.0.197':0
'10.#.0.218':0
'10.#.0.219':0
'10.#.0.216':0
'10.#.0.217':0
'10.#.0.222':0
'10.#.0.223':0
'10.#.0.220':0
'10.#.0.221':0
'10.#.0.210':0
'10.#.0.211':0
'10.#.0.208':0
'10.#.0.209':0
'10.#.0.214':0
'10.#.0.215':0
'10.#.0.212':0
'10.#.0.213':0
'10.#.0.126':0
'10.#.0.39':0
'10.#.0.40':0
'10.#.0.37':0
'10.#.0.38':0
'10.#.0.43':0
'10.#.0.44':0
'10.#.0.41':0
'10.#.0.42':0
'10.#.0.31':0
'10.#.0.32':0
'10.#.0.29':0
'10.#.0.30':0
'10.#.0.35':0
'10.#.0.36':0
'10.#.0.33':0
'10.#.0.34':0
'10.#.0.55':0
'10.#.0.56':0
'10.#.0.53':0
'10.#.0.54':0
'10.#.0.59':0
'10.#.0.60':0
'10.#.0.57':0
'10.#.0.58':0
'10.#.0.47':0
'10.#.0.48':0
'10.#.0.45':0
'10.#.0.46':0
'10.#.0.51':0
'10.#.0.52':0
'10.#.0.49':0
'10.#.0.50':0
'10.#.0.8':0
'10.#.0.9':0
'10.#.0.6':0
'10.#.0.7':0
'10.#.0.12':0
'10.#.0.13':0
'10.#.0.10':0
'10.#.0.11':0
'10.#.1.1':1037
'20#.#5.123.171':0
'10.#.1.1':1035
'10.#.1.1':1034
'10.#.0.4':0
'10.#.0.5':0
'10.#.0.2':0
'10.#.0.3':0
'10.#.0.23':0
'10.#.0.24':0
'10.#.0.22':0
'10.#.1.1':1036
'10.#.0.27':0
'10.#.0.28':0
'10.#.0.25':0
'10.#.0.26':0
'10.#.0.16':0
'10.#.0.17':0
'10.#.0.14':0
'10.#.0.15':0
'10.#.0.20':0
'10.#.0.21':0
'10.#.0.18':0
'10.#.0.19':0
'10.#.0.61':0
'10.#.0.104':0
'10.#.0.105':0
'10.#.0.102':0
'10.#.0.103':0
'10.#.0.108':0
'10.#.0.109':0
'10.#.0.106':0
'10.#.0.107':0
'10.#.0.96':0
'10.#.0.97':0
'10.#.0.94':0
'10.#.0.95':0
'10.#.0.100':0
'10.#.0.101':0
'10.#.0.98':0
'10.#.0.99':0
'10.#.0.120':0
'10.#.0.121':0
'10.#.0.118':0
'10.#.0.119':0
'10.#.0.124':0
'10.#.0.125':0
'10.#.0.122':0
'10.#.0.123':0
'10.#.0.112':0
'10.#.0.113':0
'10.#.0.110':0
'10.#.0.111':0
'10.#.0.116':0
'10.#.0.117':0
'10.#.0.114':0
'10.#.0.115':0
'10.#.0.72':0
'10.#.0.73':0
'10.#.0.70':0
'10.#.0.71':0
'10.#.0.76':0
'10.#.0.77':0
'10.#.0.74':0
'10.#.0.75':0
'10.#.0.64':0
'10.#.0.65':0
'10.#.0.62':0
'10.#.0.63':0
'10.#.0.68':0
'10.#.0.69':0
'10.#.0.66':0
'10.#.0.67':0
'10.#.0.88':0
'10.#.0.89':0
'10.#.0.86':0
'10.#.0.87':0
'10.#.0.92':0
'10.#.0.93':0
'10.#.0.90':0
'10.#.0.91':0
'10.#.0.80':0
'10.#.0.81':0
'10.#.0.78':0
'10.#.0.79':0
'10.#.0.84':0
'10.#.0.85':0
'10.#.0.82':0
'10.#.0.83':0

Технології

Терміни

Навчання

Міфи

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней