Техническая информация
Для обеспечения автозапуска и распространения
Модифицирует следующие ключи реестра
- [HKCU\Software\Classes\uTorrent\shell\open\command] '' = '"%APPDATA%\uTorrent\uTorrent.exe" "%1" /SHELLASSOC'
- [HKCU\Software\Classes\Applications\uTorrent.exe\shell\open\command] '' = '"%APPDATA%\uTorrent\uTorrent.exe" "%1" /SHELLASSOC'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'ut' = '%APPDATA%\uTorrent\uTorrent.exe /MINIMIZED'
Вредоносные функции
Запускает на исполнение
- '%WINDIR%\syswow64\taskkill.exe' /f /im "uTorrent.exe"
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\rarsfx0\cybermania.url
- %TEMP%\rarsfx0\utorrent.exe
- %TEMP%\rarsfx0\pro.exe
- %TEMP%\nso462d.tmp\system.dll
- %TEMP%\nso462d.tmp\nsislog.txt
- %TEMP%\nso462d.tmp\bt_datachannel.dll
- %TEMP%\nso462d.tmp\utorrent.exe
- %APPDATA%\utorrent\bt_datachannel.dll
- %TEMP%\nso462d.tmp\nsisfirewall.dll
- %TEMP%\nso462d.tmp\inetc.dll
- %TEMP%\nso462d.tmp\utwin_install.log
- %TEMP%\utt5223.tmp
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-4226853953-3309226944-3078887307-1000\1f91d2d17ea675d4c2c3192e241743f9_8cf7b530-613e-439b-a8c5-ccfc0e745400
- %APPDATA%\utorrent\updates\3.6.0_46984.exe
- %APPDATA%\utorrent\updates.dat
- %APPDATA%\utorrent\settings.dat.new
- %APPDATA%\utorrent\utorrent.exe
- %APPDATA%\microsoft\windows\start menu\Вµtorrent.lnk
- %HOMEPATH%\desktop\Вµtorrent.lnk
- %APPDATA%\microsoft\internet explorer\quick launch\Вµtorrent.lnk
- %APPDATA%\utorrent\maindoc.ico
- %TEMP%\utt59a6.tmp
- %TEMP%\utt5e19.tmp
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-4226853953-3309226944-3078887307-1000\3ee9ac6db493fe79dd555232a81faa49_8cf7b530-613e-439b-a8c5-ccfc0e745400
- %LOCALAPPDATA%\microsoft\windows\inetcookies\deprecated.cookie
- %APPDATA%\utorrent\utorrent.lng
- %APPDATA%\utorrent\updates\3.6.0_46984\utorrentie.exe
- %LOCALAPPDATA%low\utorrent\utorrent_5092_00c79238_431867653
- %APPDATA%\utorrent\utorrent.ini
- %APPDATA%\utorrent\player\btinstall.txt
- %APPDATA%\utorrent\player\libvlc.dll
- %APPDATA%\utorrent\player\libvlccore.dll
- %APPDATA%\utorrent\player\plugins\3dnow\libmemcpy3dn_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_attachment_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_bd_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_ftp_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_http_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_imem_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_mms_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_rar_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_realrtsp_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_smb_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_tcp_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_udp_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libaccess_vdr_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libcdda_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libdshow_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libdtv_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libdvdnav_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libdvdread_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libfilesystem_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libidummy_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\liblibbluray_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\librtp_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libscreen_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libsdp_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libstream_filter_rar_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libvcd_plugin.dll
- %APPDATA%\utorrent\player\plugins\access\libzip_plugin.dll
- %APPDATA%\utorrent\player\plugins\access_output\libaccess_output_dummy_plugin.dll
- %APPDATA%\utorrent\player\plugins\access_output\libaccess_output_file_plugin.dll
- %APPDATA%\utorrent\player\plugins\access_output\libaccess_output_http_plugin.dll
- %APPDATA%\utorrent\player\plugins\access_output\libaccess_output_livehttp_plugin.dll
- %APPDATA%\utorrent\player\plugins\access_output\libaccess_output_shout_plugin.dll
- %APPDATA%\utorrent\player\plugins\access_output\libaccess_output_udp_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\liba52tofloat32_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\liba52tospdif_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libaudiobargraph_a_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libaudio_format_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libchorus_flanger_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libcompressor_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libconverter_fixed_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libdtstofloat32_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libdtstospdif_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libequalizer_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libkaraoke_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libmono_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libmpgatofixed32_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libnormvol_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libparam_eq_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libsamplerate_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libscaletempo_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libspatializer_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libspeex_resampler_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_filter\libugly_resampler_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_mixer\libfixed32_mixer_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_mixer\libfloat32_mixer_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_output\libadummy_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_output\libamem_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_output\libaout_directx_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_output\libaout_file_plugin.dll
- %APPDATA%\utorrent\player\plugins\audio_output\libwaveout_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\liba52_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libaes3_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libaraw_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libavcodec_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libddummy_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libdmo_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libedummy_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libfaad_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libflac_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libkate_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\liblibass_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\liblibmpeg2_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libmpeg_audio_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libpng_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libquicktime_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\librawvideo_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libschroedinger_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libspeex_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libtheora_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libvorbis_plugin.dll
- %APPDATA%\utorrent\player\plugins\codec\libx264_plugin.dll
- %APPDATA%\utorrent\player\plugins\control\libdummy_plugin.dll
- %APPDATA%\utorrent\player\plugins\control\libgestures_plugin.dll
- %APPDATA%\utorrent\player\plugins\control\libglobalhotkeys_plugin.dll
- %APPDATA%\utorrent\player\plugins\control\libhotkeys_plugin.dll
- %APPDATA%\utorrent\player\plugins\control\libnetsync_plugin.dll
- %APPDATA%\utorrent\player\plugins\control\libntservice_plugin.dll
- %APPDATA%\utorrent\player\plugins\control\liboldrc_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libaiff_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libasf_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libau_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libavi_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libdemuxdump_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libdemux_cdg_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libdemux_stl_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libdirac_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libes_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libflacsys_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libgme_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libh264_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libimage_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\liblive555_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libmjpeg_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libmkv_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libmod_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libmp4_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libmpc_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libmpgv_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libnsc_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libnsv_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libnuv_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libogg_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libplaylist_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libps_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libpva_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\librawaud_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\librawdv_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\librawvid_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libreal_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libsid_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libsmf_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libsubtitle_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libts_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libtta_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libty_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libvc1_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libvoc_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libwav_plugin.dll
- %APPDATA%\utorrent\player\plugins\demux\libxa_plugin.dll
- %APPDATA%\utorrent\player\plugins\gui\libqt4_plugin.dll
- %APPDATA%\utorrent\player\plugins\gui\libskins2_plugin.dll
- %APPDATA%\utorrent\player\plugins\lua\liblua_plugin.dll
- %APPDATA%\utorrent\player\plugins\meta_engine\libfolder_plugin.dll
- %APPDATA%\utorrent\player\plugins\meta_engine\libtaglib_plugin.dll
- %APPDATA%\utorrent\player\plugins\misc\libaudioscrobbler_plugin.dll
- %APPDATA%\utorrent\player\plugins\misc\libexport_plugin.dll
- %APPDATA%\utorrent\player\plugins\misc\libgnutls_plugin.dll
- %APPDATA%\utorrent\player\plugins\misc\liblogger_plugin.dll
- %APPDATA%\utorrent\player\plugins\misc\libmemcpy_plugin.dll
- %APPDATA%\utorrent\player\plugins\misc\libosd_parser_plugin.dll
- %APPDATA%\utorrent\player\plugins\misc\libstats_plugin.dll
- %APPDATA%\utorrent\player\plugins\misc\libxml_plugin.dll
- %APPDATA%\utorrent\player\plugins\mmx\libi420_rgb_mmx_plugin.dll
- %APPDATA%\utorrent\player\plugins\mmx\libi420_yuy2_mmx_plugin.dll
- %APPDATA%\utorrent\player\plugins\mmx\libi422_yuy2_mmx_plugin.dll
- %APPDATA%\utorrent\player\plugins\mmx\libmemcpymmx_plugin.dll
- %APPDATA%\utorrent\player\plugins\mmxext\libmemcpymmxext_plugin.dll
- %APPDATA%\utorrent\player\plugins\mux\libmux_avi_plugin.dll
- %APPDATA%\utorrent\player\plugins\mux\libmux_dummy_plugin.dll
- %APPDATA%\utorrent\player\plugins\mux\libmux_mp4_plugin.dll
- %APPDATA%\utorrent\player\plugins\mux\libmux_mpjpeg_plugin.dll
- %APPDATA%\utorrent\player\plugins\mux\libmux_ogg_plugin.dll
- %APPDATA%\utorrent\player\plugins\mux\libmux_ps_plugin.dll
- %APPDATA%\utorrent\player\plugins\notify\libmsn_plugin.dll
- %APPDATA%\utorrent\player\plugins\packetizer\libpacketizer_copy_plugin.dll
- %APPDATA%\utorrent\player\plugins\packetizer\libpacketizer_dirac_plugin.dll
- %APPDATA%\utorrent\player\plugins\packetizer\libpacketizer_flac_plugin.dll
- %APPDATA%\utorrent\player\plugins\packetizer\libpacketizer_h264_plugin.dll
- %APPDATA%\utorrent\player\plugins\packetizer\libpacketizer_mlp_plugin.dll
- %APPDATA%\utorrent\player\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
- %APPDATA%\utorrent\player\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
- %APPDATA%\utorrent\player\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
- %APPDATA%\utorrent\player\plugins\plugins.dat
- %APPDATA%\utorrent\player\plugins\services_discovery\libmediadirs_plugin.dll
- %APPDATA%\utorrent\player\plugins\services_discovery\libpodcast_plugin.dll
- %APPDATA%\utorrent\player\plugins\services_discovery\libsap_plugin.dll
- %APPDATA%\utorrent\player\plugins\services_discovery\libupnp_plugin.dll
- %APPDATA%\utorrent\player\plugins\services_discovery\libwindrive_plugin.dll
- %APPDATA%\utorrent\player\plugins\sse2\libi420_rgb_sse2_plugin.dll
- %APPDATA%\utorrent\player\plugins\sse2\libi420_yuy2_sse2_plugin.dll
- %APPDATA%\utorrent\player\plugins\sse2\libi422_yuy2_sse2_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_filter\libstream_filter_httplive_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_filter\libstream_filter_record_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_autodel_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_bridge_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_delay_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_description_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_display_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_dummy_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_duplicate_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_es_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_gather_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_langfromtelx_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_raop_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_record_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_rtp_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_select_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_setid_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_smem_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_standard_plugin.dll
- %APPDATA%\utorrent\player\plugins\stream_out\libstream_out_transcode_plugin.dll
- %APPDATA%\utorrent\player\plugins\text_renderer\libfreetype_plugin.dll
- %APPDATA%\utorrent\player\plugins\text_renderer\libtdummy_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_chroma\libgrey_yuv_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_chroma\libi420_rgb_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_chroma\libi420_yuy2_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_chroma\libi422_i420_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_chroma\libi422_yuy2_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_chroma\librv32_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_chroma\libyuy2_i420_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_chroma\libyuy2_i422_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libadjust_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libalphamask_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libantiflicker_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libatmo_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libaudiobargraph_v_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libball_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libblendbench_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libblend_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libbluescreen_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libcanvas_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libchain_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libclone_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libcolorthres_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libcroppadd_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libdeinterlace_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\liberase_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libextract_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libgaussianblur_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libgradfun_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libgradient_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libgrain_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libinvert_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\liblogo_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libmagnify_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libmarq_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libmirror_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libmosaic_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libmotionblur_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libmotiondetect_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libosdmenu_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libpanoramix_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libposterize_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libpostproc_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libpsychedelic_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libpuzzle_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libremoteosd_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libripple_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\librotate_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\librss_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libscale_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libscene_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libsepia_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libsharpen_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libsubsdelay_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libswscale_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libtransform_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libwall_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libwave_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_filter\libyuvp_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_output\libcaca_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_output\libdirect2d_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_output\libdirect3d_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_output\libdirectx_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_output\libdrawable_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_output\libglwin32_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_output\libvdummy_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_output\libvmem_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_output\libwingdi_plugin.dll
- %APPDATA%\utorrent\player\plugins\video_output\libyuv_plugin.dll
- %APPDATA%\utorrent\player\plugins\visualization\libgoom_plugin.dll
- %APPDATA%\utorrent\player\plugins\visualization\libprojectm_plugin.dll
- %APPDATA%\utorrent\player\plugins\visualization\libvisual_plugin.dll
- %APPDATA%\utorrent\virusguard\avxdisk.dll
- %APPDATA%\utorrent\virusguard\bdcore.dll
- %APPDATA%\utorrent\virusguard\bdupdateservicecom.dll
- %APPDATA%\utorrent\virusguard\bittorrentantivirus.exe
- %APPDATA%\utorrent\virusguard\btinstall.txt
- %APPDATA%\utorrent\virusguard\plugins\7zip.xmd
- %APPDATA%\utorrent\virusguard\plugins\access.xmd
- %APPDATA%\utorrent\virusguard\plugins\ace.xmd
- %APPDATA%\utorrent\virusguard\plugins\adsntfs.xmd
- %APPDATA%\utorrent\virusguard\plugins\aitok.cvd
- %APPDATA%\utorrent\virusguard\plugins\alz.xmd
- %APPDATA%\utorrent\virusguard\plugins\ar.xmd
- %APPDATA%\utorrent\virusguard\plugins\arc.xmd
- %APPDATA%\utorrent\virusguard\plugins\arj.xmd
- %APPDATA%\utorrent\virusguard\plugins\aspy_emu.cvd
- %APPDATA%\utorrent\virusguard\plugins\auto.cvd
- %APPDATA%\utorrent\virusguard\plugins\auto.xmd
- %APPDATA%\utorrent\virusguard\plugins\autoit.xmd
- %APPDATA%\utorrent\virusguard\plugins\avxdisk.xmd
- %APPDATA%\utorrent\virusguard\plugins\bach.xmd
- %APPDATA%\utorrent\virusguard\plugins\boot.xmd
- %APPDATA%\utorrent\virusguard\plugins\bzip2.xmd
- %APPDATA%\utorrent\virusguard\plugins\cab.xmd
- %APPDATA%\utorrent\virusguard\plugins\cevakrnl.cvd
- %APPDATA%\utorrent\virusguard\plugins\cevakrnl.ivd
- %APPDATA%\utorrent\virusguard\plugins\cevakrnl.xmd
- %APPDATA%\utorrent\virusguard\plugins\ceva_dll.cvd
- %APPDATA%\utorrent\virusguard\plugins\ceva_emu.cvd
- %APPDATA%\utorrent\virusguard\plugins\ceva_vfs.cvd
- %APPDATA%\utorrent\virusguard\plugins\ceva_vfs.ivd
- %APPDATA%\utorrent\virusguard\plugins\chm.xmd
- %APPDATA%\utorrent\virusguard\plugins\cookie.cvd
- %APPDATA%\utorrent\virusguard\plugins\cookie.xmd
- %APPDATA%\utorrent\virusguard\plugins\cpio.xmd
- %APPDATA%\utorrent\virusguard\plugins\cran.cvd
- %APPDATA%\utorrent\virusguard\plugins\cran.ivd
- %APPDATA%\utorrent\virusguard\plugins\dalvik.cvd
- %APPDATA%\utorrent\virusguard\plugins\dalvik.ivd
- %APPDATA%\utorrent\virusguard\plugins\dalvik.xmd
- %APPDATA%\utorrent\virusguard\plugins\dbx.xmd
- %APPDATA%\utorrent\virusguard\plugins\disp.xmd
- %APPDATA%\utorrent\virusguard\plugins\docfile.xmd
- %APPDATA%\utorrent\virusguard\plugins\dummyarch.xmd
- %APPDATA%\utorrent\virusguard\plugins\dummyscan.xmd
- %APPDATA%\utorrent\virusguard\plugins\epoc.xmd
- %APPDATA%\utorrent\virusguard\plugins\e_spyw.cvd
- %APPDATA%\utorrent\virusguard\plugins\e_spyw.ivd
- %APPDATA%\utorrent\virusguard\plugins\gvmscripts.cvd
- %APPDATA%\utorrent\virusguard\plugins\gzip.xmd
- %APPDATA%\utorrent\virusguard\plugins\ha.xmd
- %APPDATA%\utorrent\virusguard\plugins\hlp.xmd
- %APPDATA%\utorrent\virusguard\plugins\hpe.cvd
- %APPDATA%\utorrent\virusguard\plugins\hqx.xmd
- %APPDATA%\utorrent\virusguard\plugins\html.xmd
- %APPDATA%\utorrent\virusguard\plugins\imp.xmd
- %APPDATA%\utorrent\virusguard\plugins\inno.xmd
- %APPDATA%\utorrent\virusguard\plugins\instyler.xmd
- %APPDATA%\utorrent\virusguard\plugins\iso.xmd
- %APPDATA%\utorrent\virusguard\plugins\java.cvd
- %APPDATA%\utorrent\virusguard\plugins\java.xmd
- %APPDATA%\utorrent\virusguard\plugins\jpeg.xmd
- %APPDATA%\utorrent\virusguard\plugins\lha.xmd
- %APPDATA%\utorrent\virusguard\plugins\lnk.xmd
- %APPDATA%\utorrent\virusguard\plugins\mbox.xmd
- %APPDATA%\utorrent\virusguard\plugins\mbx.xmd
- %APPDATA%\utorrent\virusguard\plugins\mdx.xmd
- %APPDATA%\utorrent\virusguard\plugins\mdx_97.cvd
- %APPDATA%\utorrent\virusguard\plugins\mdx_97.ivd
- %APPDATA%\utorrent\virusguard\plugins\mdx_w95.cvd
- %APPDATA%\utorrent\virusguard\plugins\mdx_x95.cvd
- %APPDATA%\utorrent\virusguard\plugins\mdx_xf.cvd
- %APPDATA%\utorrent\virusguard\plugins\mime.xmd
- %APPDATA%\utorrent\virusguard\plugins\mobmalware.cvd
- %APPDATA%\utorrent\virusguard\plugins\mobmalware.xmd
- %APPDATA%\utorrent\virusguard\plugins\mso.xmd
- %APPDATA%\utorrent\virusguard\plugins\na.cvd
- %APPDATA%\utorrent\virusguard\plugins\nelf.cvd
- %APPDATA%\utorrent\virusguard\plugins\nelf.xmd
- %APPDATA%\utorrent\virusguard\plugins\nsis.xmd
- %APPDATA%\utorrent\virusguard\plugins\objd.xmd
- %APPDATA%\utorrent\virusguard\plugins\orice.rvd
- %APPDATA%\utorrent\virusguard\plugins\pdf.xmd
- %APPDATA%\utorrent\virusguard\plugins\proc.xmd
- %APPDATA%\utorrent\virusguard\plugins\pst.xmd
- %APPDATA%\utorrent\virusguard\plugins\rar.xmd
- %APPDATA%\utorrent\virusguard\plugins\regarch.cvd
- %APPDATA%\utorrent\virusguard\plugins\regarch.xmd
- %APPDATA%\utorrent\virusguard\plugins\regscan.cvd
- %APPDATA%\utorrent\virusguard\plugins\regscan.xmd
- %APPDATA%\utorrent\virusguard\plugins\rpm.xmd
- %APPDATA%\utorrent\virusguard\plugins\rtf.xmd
- %APPDATA%\utorrent\virusguard\plugins\rup.cvd
- %APPDATA%\utorrent\virusguard\plugins\rup.xmd
- %APPDATA%\utorrent\virusguard\plugins\sdx.cvd
- %APPDATA%\utorrent\virusguard\plugins\sdx.ivd
- %APPDATA%\utorrent\virusguard\plugins\sdx.xmd
- %APPDATA%\utorrent\virusguard\plugins\sfx.xmd
- %APPDATA%\utorrent\virusguard\plugins\swf.xmd
- %APPDATA%\utorrent\virusguard\plugins\tar.xmd
- %APPDATA%\utorrent\virusguard\plugins\td0.xmd
- %APPDATA%\utorrent\virusguard\plugins\thebat.xmd
- %APPDATA%\utorrent\virusguard\plugins\tnef.xmd
- %APPDATA%\utorrent\virusguard\plugins\uif.xmd
- %APPDATA%\utorrent\virusguard\plugins\unpack.cvd
- %APPDATA%\utorrent\virusguard\plugins\unpack.ivd
- %APPDATA%\utorrent\virusguard\plugins\unpack.xmd
- %APPDATA%\utorrent\virusguard\plugins\update.txt
- %APPDATA%\utorrent\virusguard\plugins\uudecode.xmd
- %APPDATA%\utorrent\virusguard\plugins\ve.cvd
- %APPDATA%\utorrent\virusguard\plugins\ve.ivd
- %APPDATA%\utorrent\virusguard\plugins\ve.xmd
- %APPDATA%\utorrent\virusguard\plugins\vedata.cvd
- %APPDATA%\utorrent\virusguard\plugins\viza.xmd
- %APPDATA%\utorrent\virusguard\plugins\wise.xmd
- %APPDATA%\utorrent\virusguard\plugins\xar.xmd
- %APPDATA%\utorrent\virusguard\plugins\xcookies.xmd
- %APPDATA%\utorrent\virusguard\plugins\xishield.xmd
- %APPDATA%\utorrent\virusguard\plugins\xlmrd.cvd
- %APPDATA%\utorrent\virusguard\plugins\xlmrd.ivd
- %APPDATA%\utorrent\virusguard\plugins\z.xmd
- %APPDATA%\utorrent\virusguard\plugins\zip.xmd
- %APPDATA%\utorrent\virusguard\plugins\zoo.xmd
- %APPDATA%\utorrent\virusguard\plugins.htm
- %APPDATA%\utorrent\virusguard\scan.dll
- %APPDATA%\utorrent\secur32.dll
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-695454be-5ac.pma
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-695454c1-604.pma
- %LOCALAPPDATA%\microsoft\edge\user data\default\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\manifest-000002
- %LOCALAPPDATA%\microsoft\edge\user data\default\000002.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\index
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\data_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\data_2
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\data_3
- %LOCALAPPDATA%\microsoft\edge\user data\default\cookies-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\cookies
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\index
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\000003.log
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\data_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\data_2
- %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\data_3
- %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\000003.log
- %LOCALAPPDATA%\microsoft\edge\user data\default\reporting and nel-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\reporting and nel
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\e5c5c49b169373ef_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\f6b2e04d03c656dc_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000002
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000003
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000004
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000005
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000006
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\5610223cb6087d2f_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\9e5c59d5a0eec716_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\99a566994112de1e_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\f8deeab672257e1f_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\060a09b50906ca92_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\7f43a816b2242666_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\6019b090dc496db5_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\e3fff649ca5a5771_0
- %TEMP%\707f7187-a41a-4fe6-89f6-752cb7cd9c86.tmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\index-dir\temp-index
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000007
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\b376764a549a4580_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000008
- %LOCALAPPDATA%\microsoft\edge\user data\default\entityextraction\extractable_domains.pb
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\entityextraction\domains_config.json
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\manifest-000004
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\000004.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\shortcuts-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\shortcuts
- %LOCALAPPDATA%\microsoft\edge\user data\default\network action predictor-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\network action predictor
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\000003.log
- %LOCALAPPDATA%\microsoft\edge\user data\functional data-wal
- %LOCALAPPDATA%\microsoft\edge\user data\functional san data-wal
Удаляет файлы, которые сам же создал
- %TEMP%\utt5223.tmp
- %TEMP%\utt59a6.tmp
- %TEMP%\nso462d.tmp\bt_datachannel.dll
- %TEMP%\nso462d.tmp\inetc.dll
- %TEMP%\nso462d.tmp\nsisfirewall.dll
- %TEMP%\nso462d.tmp\system.dll
- %TEMP%\nso462d.tmp\utorrent.exe
- %TEMP%\nso462d.tmp\utwin_install.log
- %TEMP%\utt5e19.tmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-695454be-5ac.pma
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-695454c1-604.pma
- %TEMP%\edge_bits_1540_673798625\dde93974-5cbc-4ecc-898f-436e62207c34
Перемещает следующие файлы
- %APPDATA%\utorrent\settings.dat.new в %APPDATA%\utorrent\settings.dat
- %APPDATA%\utorrent\settings.dat в %APPDATA%\utorrent\settings.dat.old
- %LOCALAPPDATA%\microsoft\edge\user data\default\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\current
Изменяет следующие файлы
- %LOCALAPPDATA%\microsoft\edge\user data\last version
- %LOCALAPPDATA%\microsoft\edge\user data\default\sync data\leveldb\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\site characteristics database\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\sync data\leveldb\000003.log
- %LOCALAPPDATA%\microsoft\edge\user data\default\web data-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\web data
- %LOCALAPPDATA%\microsoft\edge\user data\default\visited links
- %LOCALAPPDATA%\microsoft\edge\user data\default\history-journal
- %LOCALAPPDATA%\microsoft\tokenbroker\cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
- %LOCALAPPDATA%\microsoft\edge\user data\default\local storage\leveldb\000003.log
- %LOCALAPPDATA%\microsoft\edge\user data\default\history
- %LOCALAPPDATA%\microsoft\edge\user data\default\favicons-journal
- %LOCALAPPDATA%\microsoft\edge\user data\last browser
- %LOCALAPPDATA%\microsoft\edge\user data\default\favicons
- %TEMP%\.ses
Подменяет следующие файлы
- %APPDATA%\utorrent\settings.dat.new
- %APPDATA%\utorrent\settings.dat
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Platform Notifications\LOG
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\BudgetDatabase\LOG
Сетевая активность
Подключается к
- 'i-####.####984.ut.bench.utorrent.com':80
- 'i-##.#####84.ut.bench.utorrent.com':80
- 'up####.utorrent.com':80
- 'go.microsoft.com':443
- 'msedge.sf.dl.delivery.mp.microsoft.com':443
- 'co####.edge.skype.com':443
- 'cy###mania.ws':443
- 'go#####agmanager.com':443
- 'dr#######bidk.cloudfront.net':443
- 'x.##2.us':80
- 'st####.##oudflareinsights.com':443
- 'st####e.ko-fi.com':443
- 'zb.###ikfangas.com':443
- 'x1.#.lencr.org':80
- 'gh####ethec.info':443
- 'ou#####tobeconsist.org':443
- 'to####iukzemydr.org':443
- 'fo####entsyshru.org':443
- 'cr#.####g2.amazontrust.com':80
- 'uk####ngwithea.com':443
- 'fa###ook.com':443
- 'accounts.google.com':443
- 'a###ytics.google.com':443
- 'st###.#.doubleclick.net':443
- 'go##le.ru':443
- 'a.###.#loudflare.com':443
TCP
Запросы HTTP GET
- http://up####.utorrent.com/installstats.php?cl###################################################################################################################################################...
- http://ut###ent.com/download/langpacks/dl.php?bu##################################################################
- http://le####.utorrent.com/scripts/dl.php?bu##################################################################
- http://x.##2.us/x.cer
- http://x1.#.lencr.org/
Запросы HTTP POST
- http://i-####.####984.ut.bench.utorrent.com/e?i=####
- http://i-##.#####84.ut.bench.utorrent.com/e?i=##
Другие
- 'go.microsoft.com':443
- 'ctldl.windowsupdate.com':443
- 'co####.edge.skype.com':443
- 'cy###mania.ws':443
- 'go#####agmanager.com':443
- 'dr#######bidk.cloudfront.net':443
- 'st####e.ko-fi.com':443
- 'zb.###ikfangas.com':443
- 'st####.##oudflareinsights.com':443
- 'gh####ethec.info':443
- 'to####iukzemydr.org':443
- 'ou#####tobeconsist.org':443
- 'cr#.####g2.amazontrust.com':443
- 'uk####ngwithea.com':443
- 'accounts.google.com':443
- 'fa###ook.com':443
- 'a###ytics.google.com':443
- 'st###.#.doubleclick.net':443
- 'go##le.ru':443
- 'a.###.#loudflare.com':443
UDP
- DNS ASK i-####.####984.ut.bench.utorrent.com
- DNS ASK ro####.bittorrent.com
- DNS ASK ro####.utorrent.com
- DNS ASK i-##.#####84.ut.bench.utorrent.com
- DNS ASK up####.utorrent.com
- DNS ASK ut###ent.com
- DNS ASK le####.utorrent.com
- DNS ASK ap##.#ittorrent.com
- DNS ASK go.microsoft.com
- DNS ASK msedge.sf.dl.delivery.mp.microsoft.com
- DNS ASK cy###mania.ws
- DNS ASK co####.edge.skype.com
- DNS ASK fo###.#oogleapis.com
- DNS ASK go#####agmanager.com
- DNS ASK dr#######bidk.cloudfront.net
- DNS ASK x.##2.us
- DNS ASK zb.###ikfangas.com
- DNS ASK st####e.ko-fi.com
- DNS ASK st####.##oudflareinsights.com
- DNS ASK x1.#.lencr.org
- DNS ASK ou#####tobeconsist.org
- DNS ASK to####iukzemydr.org
- DNS ASK gh####ethec.info
- DNS ASK fo####entsyshru.org
- DNS ASK cr#.####g2.amazontrust.com
- DNS ASK uk####ngwithea.com
- DNS ASK di##ord.gg
- DNS ASK t.#e
- DNS ASK yo##ube.com
- DNS ASK fa###ook.com
- DNS ASK accounts.google.com
- DNS ASK a###ytics.google.com
- DNS ASK st###.#.doubleclick.net
- DNS ASK go##le.ru
- DNS ASK a.###.#loudflare.com
- '<LOCALNET>..26.1':5351
- '23#.#55.255.250':1900
- 'ro####.bittorrent.com':6881
- 'ro####.utorrent.com':6881
- '19#.#7.78.124':1225
- '15#.#5.11.160':52490
- '18#.#11.132.153':12195
- '13#.#84.160.87':43711
- '12#.#56.68.63':9813
- '36.##1.181.247':6884
- '94.##4.60.232':6881
- '11#.#75.68.136':43745
- '39.#49.15.6':19473
- '18#.#.91.158':9216
- '12#.#33.34.146':6886
- '12#.#17.236.225':44884
- '21#.#.141.67':61496
- '20#.#.113.138':51413
- '18#.#87.78.20':11640
- '19#.#54.86.27':8999
- '67.##7.250.171':6881
- '11#.#99.163.124':7903
- '62.##6.4.170':58566
- '76.##.171.189':9010
- '90.##8.247.90':1952
- '11#.#17.245.202':38800
- '22#.#09.211.51':6884
- '16#.#56.101.134':55268
- '77.##.210.47':10163
- '1.##5.35.47':44608
- '23.#0.81.47':32681
- '34.##.215.101':6881
- '43.##0.149.123':32681
- '71.##8.1.135':27632
- '18#.38.87.7':42143
- '75.##0.158.38':6881
- '21#.#38.252.123':14371
- '89.##1.118.167':3787
- '95.##.146.128':18093
- '65.#1.79.85':49465
- '18#.#1.216.197':57808
- '37.##.95.198':57514
- '51.##.181.72':58007
- '10#.#40.3.18':15562
- '97.##3.193.119':32809
- '46.##.181.191':42135
- '19#.#2.2.244':53733
- '14#.#2.181.27':49001
- '12#.#9.90.212':40683
- '5.##.102.200':51523
- '24.##2.246.227':51413
- '19#.#54.172.179':22256
- '13#.#8.232.16':6880
Другое
Ищет следующие окна
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'ВµTorrent4823DF041B09' WindowName: ''
- ClassName: 'ВµTorrent4823DF041B0D' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Chrome_MessageWindow' WindowName: '%LOCALAPPDATA%\Microsoft\Edge\User Data'
Создает и запускает на исполнение
- '%TEMP%\rarsfx0\utorrent.exe' /S
- '%TEMP%\nso462d.tmp\utorrent.exe' /S
- '%APPDATA%\utorrent\utorrent.exe' /NOINSTALL /BRINGTOFRONT /S
- '%APPDATA%\utorrent\updates\3.6.0_46984\utorrentie.exe' uTorrent_5092_00C79238_431867653 еTorrent4823DF041B09 uTorrent ie unp
- '%TEMP%\rarsfx0\pro.exe'
Запускает на исполнение
- '%ProgramFiles(x86)%\microsoft\edge\application\msedge.exe' --single-argument https://www.cybermania.ws/
- '%ProgramFiles(x86)%\microsoft\edge\application\msedge.exe' --flag-switches-begin --flag-switches-end --do-not-de-elevate https://www.cybermania.ws/ (со скрытым окном)
- '%ProgramFiles(x86)%\microsoft\edge\application\89.0.774.68\identity_helper.exe' --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,7435655090811971834,9757430539674030082,131072 --lang=en-US --service-sandbox-type=none --mojo-p...
