Trojan.Siggen29.14133

Техническая информация

Вредоносные функции

Запускает на исполнение

'%WINDIR%\syswow64\taskkill.exe' /f /im WinToHDD.exe

Изменения в файловой системе

Создает следующие файлы

%TEMP%\rarsfx0\wintohdd_free.exe
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\it_it\lc_messages\is-0mudf.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\hu_hu\lc_messages\is-2iapj.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\fr_fr\lc_messages\is-62dqm.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\es_es\lc_messages\is-u3tiu.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\en_us\lc_messages\is-sap6r.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\el_gr\lc_messages\is-efjuf.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\de_de\lc_messages\is-vvpc8.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\bg_bg\lc_messages\is-vl87s.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ar_eg\lc_messages\is-0st0e.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ar_eg\lc_messages\is-6o4d0.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-bmqm5.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-0foo1.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ko_kr\lc_messages\is-et4e6.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ja_jp\lc_messages\is-lomf2.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-tmnvl.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-4urho.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-ru9t7.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-k0mrv.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-f643v.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\zh_tw\lc_messages\is-5hp77.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\zh_cn\lc_messages\is-ar76t.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\tr_tr\lc_messages\is-bs6gt.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ru_ru\lc_messages\is-khoib.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\pt_br\lc_messages\is-fo8em.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\pl_pl\lc_messages\is-k39tq.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\nl_nl\lc_messages\is-emsof.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-51lff.tmp
%ProgramFiles%\hasleo\wintohdd\res\pt_br\lc_messages\is-q0npj.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\nl_nl\lc_messages\is-ssuu4.tmp
%TEMP%\etilqs_dswiznfoe9c6nic
%TEMP%\etilqs_jdcjdcs0stt1ol1
%TEMP%\etilqs_kbpob1viaosf88f
%TEMP%\etilqs_bltdxrba0y47sbm
%TEMP%\etilqs_axg0jptqeedj1xo
%TEMP%\etilqs_sv5kfy6wcyciefo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\wintohdd.exe
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\wintohdd.exe
%ProgramFiles%\hasleo\wintohdd\bin\wintohdd.exe
%TEMP%\dup2patcher.dll
%ProgramFiles%\hasleo\wintohdd\is-cda77.tmp
%TEMP%\is-4cqln.tmp\_isetup\_setup64.tmp
%TEMP%\is-e4tka.tmp\activator.tmp
%ProgramFiles%\hasleo\wintohdd\unins000.dat
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\wintohdd.ini
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\wintohdd.ini
%ProgramFiles%\hasleo\wintohdd\bin\wintohdd.ini
C:\users\public\desktop\hasleo wintohdd.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\hasleo wintohdd\uninstall hasleo wintohdd.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\hasleo wintohdd\hasleo wintohdd on the web.url
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\hasleo wintohdd\hasleo wintohdd.lnk
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-20are.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\zh_tw\lc_messages\is-tjg5a.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\zh_cn\lc_messages\is-0q3aa.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\tr_tr\lc_messages\is-ds1fp.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ru_ru\lc_messages\is-q727h.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\pt_br\lc_messages\is-ne8lt.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ko_kr\lc_messages\is-1gfe2.tmp
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-j739d.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ja_jp\lc_messages\is-mg02e.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\it_it\lc_messages\is-i0875.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\hu_hu\lc_messages\is-d096u.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-tjgd8.tmp
%ProgramFiles%\hasleo\wintohdd\res\ja_jp\lc_messages\is-n583g.tmp
%ProgramFiles%\hasleo\wintohdd\res\it_it\lc_messages\is-tiv3a.tmp
%ProgramFiles%\hasleo\wintohdd\res\hu_hu\lc_messages\is-oid7u.tmp
%ProgramFiles%\hasleo\wintohdd\res\fr_fr\lc_messages\is-7qb8g.tmp
%ProgramFiles%\hasleo\wintohdd\res\es_es\lc_messages\is-6lq78.tmp
%ProgramFiles%\hasleo\wintohdd\res\en_us\lc_messages\is-e5j5f.tmp
%ProgramFiles%\hasleo\wintohdd\res\el_gr\lc_messages\is-mqlqi.tmp
%ProgramFiles%\hasleo\wintohdd\res\de_de\lc_messages\is-98f5k.tmp
%ProgramFiles%\hasleo\wintohdd\res\bg_bg\lc_messages\is-op343.tmp
%ProgramFiles%\hasleo\wintohdd\res\ar_eg\lc_messages\is-fsesk.tmp
%ProgramFiles%\hasleo\wintohdd\res\ar_eg\lc_messages\is-f9l1c.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-u93gc.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-br6j2.tmp
%ProgramFiles%\hasleo\wintohdd\res\nl_nl\lc_messages\is-8hn88.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-n70hm.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-kehd2.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-ic29v.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-auon0.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-q89kl.tmp
%ProgramFiles%\hasleo\wintohdd\is-gd13r.tmp
%TEMP%\is-v65lh.tmp\unins000.dll
%TEMP%\is-v65lh.tmp\_isetup\_setup64.tmp
%TEMP%\is-v5dbi.tmp\wintohdd_free.tmp
%TEMP%\rarsfx0\cybermania.url
%TEMP%\rarsfx0\crack.7z
%TEMP%\rarsfx0\activator.exe
%TEMP%\etilqs_5lc7lccxpuaudxv
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\pl_pl\lc_messages\is-18ij1.tmp
%ProgramFiles%\hasleo\wintohdd\res\pl_pl\lc_messages\is-8vmfu.tmp
%ProgramFiles%\hasleo\wintohdd\res\tr_tr\lc_messages\is-n9ne9.tmp
%ProgramFiles%\hasleo\wintohdd\res\ko_kr\lc_messages\is-kdboo.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\fr_fr\lc_messages\is-pbteb.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\es_es\lc_messages\is-uj90m.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\en_us\lc_messages\is-43rs6.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\el_gr\lc_messages\is-sf2ki.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\de_de\lc_messages\is-hubuf.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\bg_bg\lc_messages\is-rogbn.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ar_eg\lc_messages\is-peca7.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ar_eg\lc_messages\is-6f8ti.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-nlitm.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-qip9o.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-a1oid.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-cp726.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-9aiv6.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-s3f52.tmp
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-qi1a2.tmp
%ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\is-t1l6n.tmp
%ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\is-9ufaa.tmp
%ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\is-fcnbs.tmp
%ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\is-c2iqe.tmp
%ProgramFiles%\hasleo\wintohdd\is-jiqjd.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-fc7q8.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-tl3gf.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-30f0o.tmp
%ProgramFiles%\hasleo\wintohdd\bin\is-lufkf.tmp
%ProgramFiles%\hasleo\wintohdd\res\zh_tw\lc_messages\is-rviu8.tmp
%ProgramFiles%\hasleo\wintohdd\res\zh_cn\lc_messages\is-5c392.tmp
%ProgramFiles%\hasleo\wintohdd\res\ru_ru\lc_messages\is-lovq5.tmp
%TEMP%\etilqs_y9xhzdvvvvjhmfh

Удаляет следующие файлы

%TEMP%\is-v65lh.tmp\unins000.dll
%TEMP%\is-v65lh.tmp\_isetup\_setup64.tmp
%TEMP%\is-v5dbi.tmp\wintohdd_free.tmp
%TEMP%\dup2patcher.dll
%ProgramFiles%\hasleo\wintohdd\wintohdd patcher.exe
%TEMP%\is-4cqln.tmp\_isetup\_setup64.tmp
%TEMP%\is-e4tka.tmp\activator.tmp

Перемещает следующие файлы

%ProgramFiles%\hasleo\wintohdd\is-gd13r.tmp в %ProgramFiles%\hasleo\wintohdd\unins000.exe
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-4urho.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\intl.dll
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-ru9t7.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\crash.suo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-k0mrv.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\apploader.exe
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-f643v.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\wintohdd.ini
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\zh_tw\lc_messages\is-5hp77.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\zh_tw\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\zh_cn\lc_messages\is-ar76t.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\zh_cn\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\tr_tr\lc_messages\is-bs6gt.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\tr_tr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ru_ru\lc_messages\is-khoib.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ru_ru\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\pt_br\lc_messages\is-fo8em.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\pt_br\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\pl_pl\lc_messages\is-k39tq.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\pl_pl\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\nl_nl\lc_messages\is-emsof.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\nl_nl\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ko_kr\lc_messages\is-1gfe2.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ko_kr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ja_jp\lc_messages\is-mg02e.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ja_jp\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\it_it\lc_messages\is-i0875.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\it_it\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\hu_hu\lc_messages\is-d096u.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\hu_hu\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\fr_fr\lc_messages\is-pbteb.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\fr_fr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\es_es\lc_messages\is-uj90m.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\es_es\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\en_us\lc_messages\is-43rs6.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\en_us\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\el_gr\lc_messages\is-sf2ki.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\el_gr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-tmnvl.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\libcurl.dll
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-j739d.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\log.dll
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-51lff.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\ntfsformat.dll
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-0foo1.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\vhdoperationex.dll
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\zh_tw\lc_messages\is-tjg5a.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\zh_tw\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\zh_cn\lc_messages\is-0q3aa.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\zh_cn\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\tr_tr\lc_messages\is-ds1fp.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\tr_tr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ru_ru\lc_messages\is-q727h.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ru_ru\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\pt_br\lc_messages\is-ne8lt.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\pt_br\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\pl_pl\lc_messages\is-18ij1.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\pl_pl\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\nl_nl\lc_messages\is-ssuu4.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\nl_nl\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ko_kr\lc_messages\is-et4e6.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ko_kr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ja_jp\lc_messages\is-lomf2.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ja_jp\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\hu_hu\lc_messages\is-2iapj.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\hu_hu\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\it_it\lc_messages\is-0mudf.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\it_it\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\fr_fr\lc_messages\is-62dqm.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\fr_fr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\es_es\lc_messages\is-u3tiu.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\es_es\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\en_us\lc_messages\is-sap6r.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\en_us\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\el_gr\lc_messages\is-efjuf.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\el_gr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\de_de\lc_messages\is-vvpc8.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\de_de\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\bg_bg\lc_messages\is-vl87s.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\bg_bg\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ar_eg\lc_messages\is-0st0e.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ar_eg\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ar_eg\lc_messages\is-6o4d0.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\res\ar_eg\lc_messages\translated by.txt
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-bmqm5.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\wintohdd.exe
%ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\is-20are.tmp в %ProgramFiles%\hasleo\wintohdd\x64\wintohdd\bin\wintohdd.ini
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\de_de\lc_messages\is-hubuf.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\de_de\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\bg_bg\lc_messages\is-rogbn.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\bg_bg\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ar_eg\lc_messages\is-peca7.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ar_eg\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\ja_jp\lc_messages\is-n583g.tmp в %ProgramFiles%\hasleo\wintohdd\res\ja_jp\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\it_it\lc_messages\is-tiv3a.tmp в %ProgramFiles%\hasleo\wintohdd\res\it_it\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\hu_hu\lc_messages\is-oid7u.tmp в %ProgramFiles%\hasleo\wintohdd\res\hu_hu\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\fr_fr\lc_messages\is-7qb8g.tmp в %ProgramFiles%\hasleo\wintohdd\res\fr_fr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\es_es\lc_messages\is-6lq78.tmp в %ProgramFiles%\hasleo\wintohdd\res\es_es\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\en_us\lc_messages\is-e5j5f.tmp в %ProgramFiles%\hasleo\wintohdd\res\en_us\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\el_gr\lc_messages\is-mqlqi.tmp в %ProgramFiles%\hasleo\wintohdd\res\el_gr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\de_de\lc_messages\is-98f5k.tmp в %ProgramFiles%\hasleo\wintohdd\res\de_de\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\bg_bg\lc_messages\is-op343.tmp в %ProgramFiles%\hasleo\wintohdd\res\bg_bg\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\ar_eg\lc_messages\is-fsesk.tmp в %ProgramFiles%\hasleo\wintohdd\res\ar_eg\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\ar_eg\lc_messages\is-f9l1c.tmp в %ProgramFiles%\hasleo\wintohdd\res\ar_eg\lc_messages\translated by.txt
%ProgramFiles%\hasleo\wintohdd\bin\is-u93gc.tmp в %ProgramFiles%\hasleo\wintohdd\bin\wintohdd.exe
%ProgramFiles%\hasleo\wintohdd\bin\is-tjgd8.tmp в %ProgramFiles%\hasleo\wintohdd\bin\vhdoperationex.dll
%ProgramFiles%\hasleo\wintohdd\bin\is-br6j2.tmp в %ProgramFiles%\hasleo\wintohdd\bin\ntfsformat.dll
%ProgramFiles%\hasleo\wintohdd\bin\is-n70hm.tmp в %ProgramFiles%\hasleo\wintohdd\bin\log.dll
%ProgramFiles%\hasleo\wintohdd\bin\is-kehd2.tmp в %ProgramFiles%\hasleo\wintohdd\bin\libcurl.dll
%ProgramFiles%\hasleo\wintohdd\bin\is-ic29v.tmp в %ProgramFiles%\hasleo\wintohdd\bin\intl.dll
%ProgramFiles%\hasleo\wintohdd\bin\is-auon0.tmp в %ProgramFiles%\hasleo\wintohdd\bin\crash.suo
%ProgramFiles%\hasleo\wintohdd\bin\is-q89kl.tmp в %ProgramFiles%\hasleo\wintohdd\bin\apploader.exe
%ProgramFiles%\hasleo\wintohdd\res\ko_kr\lc_messages\is-kdboo.tmp в %ProgramFiles%\hasleo\wintohdd\res\ko_kr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\nl_nl\lc_messages\is-8hn88.tmp в %ProgramFiles%\hasleo\wintohdd\res\nl_nl\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\pl_pl\lc_messages\is-8vmfu.tmp в %ProgramFiles%\hasleo\wintohdd\res\pl_pl\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\pt_br\lc_messages\is-q0npj.tmp в %ProgramFiles%\hasleo\wintohdd\res\pt_br\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-nlitm.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\wintohdd.exe
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-qip9o.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\vhdoperationex.dll
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-a1oid.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\ntfsformat.dll
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-cp726.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\log.dll
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-9aiv6.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\libcurl.dll
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-s3f52.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\intl.dll
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\is-qi1a2.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\bin\apploader.exe
%ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\is-t1l6n.tmp в %ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\winpeshl.ini
%ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\is-9ufaa.tmp в %ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\winpeshl-usb.ini
%ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\is-c2iqe.tmp в %ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\unattend-x64.xml
%ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\is-fcnbs.tmp в %ProgramFiles%\hasleo\wintohdd\winpe\windows\system32\unattend.xml
%ProgramFiles%\hasleo\wintohdd\is-jiqjd.tmp в %ProgramFiles%\hasleo\wintohdd\unins000.dll
%ProgramFiles%\hasleo\wintohdd\bin\is-fc7q8.tmp в %ProgramFiles%\hasleo\wintohdd\bin\wintohdd.ini
%ProgramFiles%\hasleo\wintohdd\bin\is-tl3gf.tmp в %ProgramFiles%\hasleo\wintohdd\bin\license-enterprise.rtf
%ProgramFiles%\hasleo\wintohdd\bin\is-30f0o.tmp в %ProgramFiles%\hasleo\wintohdd\bin\license-professional.rtf
%ProgramFiles%\hasleo\wintohdd\bin\is-lufkf.tmp в %ProgramFiles%\hasleo\wintohdd\bin\license-free.rtf
%ProgramFiles%\hasleo\wintohdd\res\zh_tw\lc_messages\is-rviu8.tmp в %ProgramFiles%\hasleo\wintohdd\res\zh_tw\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\zh_cn\lc_messages\is-5c392.tmp в %ProgramFiles%\hasleo\wintohdd\res\zh_cn\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\tr_tr\lc_messages\is-n9ne9.tmp в %ProgramFiles%\hasleo\wintohdd\res\tr_tr\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\res\ru_ru\lc_messages\is-lovq5.tmp в %ProgramFiles%\hasleo\wintohdd\res\ru_ru\lc_messages\wintohdd.mo
%ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ar_eg\lc_messages\is-6f8ti.tmp в %ProgramFiles%\hasleo\wintohdd\x86\wintohdd\res\ar_eg\lc_messages\translated by.txt
%ProgramFiles%\hasleo\wintohdd\is-cda77.tmp в %ProgramFiles%\hasleo\wintohdd\wintohdd patcher.exe

Сетевая активность

Подключается к

'au######te.geo.opera.com':80
'au######te.geo.opera.com':443
'google.com':80
'se####.yahoo.com':80
'du###uckgo.com':443
'am##on.com':80
'bing.com':80
'am##on.com':443
'en.###ipedia.org':80
'se####.yahoo.com':443
'en.###ipedia.org':443

TCP

Запросы HTTP GET

http://au######te.geo.opera.com/geolocation/
http://www.google.com/favicon.ico
http://www.am##on.com/favicon.ico
http://se####.yahoo.com/favicon.ico
http://www.bing.com/s/a/bing_p.ico
http://en.###ipedia.org/favicon.ico

Другие

'au######te.geo.opera.com':443
'du###uckgo.com':443
'am##on.com':443
'se####.yahoo.com':443
'en.###ipedia.org':443

UDP

DNS ASK google.com
DNS ASK au######te.geo.opera.com
DNS ASK se####.yahoo.com
DNS ASK du###uckgo.com
DNS ASK am##on.com
DNS ASK bing.com
DNS ASK bi##.#ikimedia.org
DNS ASK en.###ipedia.org

Другое

Ищет следующие окна

ClassName: 'EDIT' WindowName: ''
ClassName: '' WindowName: ''
ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Opera Software\Opera Stable'

Создает и запускает на исполнение

'%TEMP%\rarsfx0\wintohdd_free.exe' /silent
'%TEMP%\is-v5dbi.tmp\wintohdd_free.tmp' /SL5="$1025A,9072300,131584,%TEMP%\RarSFX0\WinToHDD_Free.exe" /silent
'%TEMP%\rarsfx0\activator.exe' /TASKS="Enterprise" /VerySilent
'%TEMP%\is-e4tka.tmp\activator.tmp' /SL5="$2025A,446673,164352,%TEMP%\RarSFX0\Activator.exe" /TASKS="Enterprise" /VerySilent
'%ProgramFiles%\hasleo\wintohdd\wintohdd patcher.exe' /silent /nobackup

Запускает на исполнение

'%ProgramFiles(x86)%\opera\launcher.exe' -noautoupdate -- "http://www.easyuefi.com/wintohdd/thanks-install.html"
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.12.831865209\1923318882" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.11.1954426768\1151817969" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.10.87308431\735928495" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.9.1873366060\1925680480" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.8.426797696\1967622198" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.7.1477278154\243957300" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.6.207594668\1244875886" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' --type=utility --channel="1372.4.1660641907\534101724" --lang=en-US --no-sandbox --enable-proprietary-media-types-playback /prefetch:-645351001 /crash-reporter-parent-id=356
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.5.991919038\1452892433" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.16.518044397\54956022" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.4.1660641907\534101724" --lang=en-US --no-sandbox --enable-proprietary-media-types-playback /prefetch:-645351001
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=en-US --enable-proprietary-media-types-playback --disable-client-side-phishing-...
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="1372.0.907607474\990014373" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="1016.0.1349047381\1600025614" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gp...
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- https://www.cybermania.ws/ /crash-reporter-parent-id=1016
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' -noautoupdate --ran-launcher -- https://www.cybermania.ws/
'%ProgramFiles(x86)%\opera\launcher.exe' -noautoupdate -- "https://www.cybermania.ws/"
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://www.easyuefi.com/wintohdd/thanks-install.html /crash-reporter-parent-id=1372
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' -noautoupdate --ran-launcher -- http://www.easyuefi.com/wintohdd/thanks-install.html
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=en-US --enable-proprietary-media-types-playback --extension-process --enable-we...
'%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="1372.17.1216811854\15567853" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
'%WINDIR%\syswow64\taskkill.exe' /f /im WinToHDD.exe (со скрытым окном)

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней