Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system:
Creates the following files:
C:\System Volume Information\tracking.log.tmp
C:\System Volume Information\tracking.log
<SYSTEM32>\autorun.ini
<SYSTEM32>\system3_.exe
%WINDIR%\system3_.exe
Sets the 'hidden' attribute to the following files:
<Drive name for removable media>:\autorun.inf
<SYSTEM32>\autorun.ini
<SYSTEM32>\system3_.exe
Moves the following files:
from C:\System Volume Information\tracking.log.tmp to C:\System Volume Information\tracking.log
Network activity:
Connects to:
'h1.##pway.com':80
TCP:
HTTP GET requests:
UDP:
DNS ASK h1.##pway.com
Miscellaneous:
Searches for the following windows:
ClassName: 'Indicator' WindowName: '(null)'