Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'aMvaTatup.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '<Полный путь к вирусу>'
Вредоносные функции:
Для затруднения выявления своего присутствия в системе
блокирует:
- Средство контроля пользовательских учетных записей (UAC)
- Центр обеспечения безопасности (Security Center)
Изменяет следующие настройки браузера Windows Internet Explorer:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnZoneCrossing' = '00000000'
Изменения в файловой системе:
Создает следующие файлы:
- <DRIVERS>\BkmXm.dll
- <DRIVERS>\GFYVQ.exe
- <DRIVERS>\vSXWC.exe
- <DRIVERS>\RgMIaAWa.dll
- <DRIVERS>\wvnxd.dll
- <DRIVERS>\sqFxUb.dll
- %WINDIR%\LpxknAXGN.dll
- <DRIVERS>\inaCuBDqm.dll
- <DRIVERS>\OufcSpOMq.dll
- %WINDIR%\ExJnflUoP.exe
- %WINDIR%\Vihoc.dll
- <SYSTEM32>\rpqNRoDR.dll
- %WINDIR%\TyHul.dll
- <SYSTEM32>\iYjqpAgS.dll
- <DRIVERS>\eSFYlRaih.exe
- %WINDIR%\VoLpFy.dll
- %WINDIR%\WADrKp.dll
- %WINDIR%\SvGvlw.exe
- %WINDIR%\fphJnyH.exe
- <DRIVERS>\VekxVXTC.dll
- <SYSTEM32>\DuNiAV.dll
- %WINDIR%\JoToCGcw.exe
- %WINDIR%\OnVHpj.dll
- %WINDIR%\SLGCS.exe
- <DRIVERS>\FCFKmiNQ.dll
- <DRIVERS>\YXvRKuuD.dll
- <DRIVERS>\oAsmu.exe
- %WINDIR%\GWvSFHB.exe
- %WINDIR%\QWQIMuKk.dll
- <DRIVERS>\DyhqWSUO.dll
- <SYSTEM32>\NvjSXSugp.exe
- %WINDIR%\sfxAmhV.dll
- %WINDIR%\pAhBAxyP.exe
- <SYSTEM32>\XdgjTAoUd.dll
- <SYSTEM32>\PbXqWsf.exe
- %WINDIR%\IUnXuIeYw.exe
- <SYSTEM32>\CJqeCxsNb.dll
- <SYSTEM32>\fdAcCAc.dll
- <DRIVERS>\LCGPM.exe
- <SYSTEM32>\bwLGGimIn.dll
- %WINDIR%\vOLinq.exe
- <SYSTEM32>\TPoQdX.dll
- <DRIVERS>\wyVaQcUu.exe
- <DRIVERS>\uMgccvtIj.dll
- <SYSTEM32>\ymYfUnW.dll
- <DRIVERS>\mvliVeB.dll
- <DRIVERS>\Ogvsn.dll
- %WINDIR%\nDocSC.exe
- <DRIVERS>\mkjdD.dll
- <DRIVERS>\GhhvCA.dll
- <SYSTEM32>\mtMCtI.dll
- %WINDIR%\TivQSpS.exe
- <DRIVERS>\hBkVs.dll
- <SYSTEM32>\XQKpOJoY.dll
- %WINDIR%\YVptS.dll
- <SYSTEM32>\PPrrERf.dll
- <SYSTEM32>\WPKkAS.dll
- <DRIVERS>\GxpFTE.dll
- <SYSTEM32>\WKDlhVEH.exe
- %WINDIR%\qpyAuopjH.exe
- <DRIVERS>\ieaYhRO.dll
- <DRIVERS>\gOaYEHs.dll
- %WINDIR%\gxaphPp.exe
- <DRIVERS>\iOfsKmTu.dll
- <SYSTEM32>\VNflm.dll
- <DRIVERS>\JfbFjxt.exe
- %WINDIR%\aGeodg.exe
- <SYSTEM32>\MGCghCT.exe
- %WINDIR%\yXGrPvil.exe
- %WINDIR%\LpKrdusuY.dll
- <DRIVERS>\dpFBP.dll
- <SYSTEM32>\OhnnfrUyr.exe
- <DRIVERS>\ueGBH.dll
- <SYSTEM32>\TquOMXj.dll
- %WINDIR%\SwySNqIrP.exe
- <SYSTEM32>\iIehuHL.exe
- <SYSTEM32>\KJsaXGD.exe
- %WINDIR%\EuJMbxJ.exe
- <DRIVERS>\WiWWmGB.dll
- %WINDIR%\toMkmfJhf.exe
- <SYSTEM32>\TUAEAu.dll
- %WINDIR%\daaUL.dll
- <DRIVERS>\adLDkuq.dll
- <DRIVERS>\vjpvQXjnd.exe
- %WINDIR%\AKkbq.exe
- %WINDIR%\VyXuyWD.dll
- <DRIVERS>\DmnbT.dll
- <DRIVERS>\MvENeYvkq.dll
- <SYSTEM32>\UHnnkpr.dll
- %WINDIR%\PtmqKt.exe
- <DRIVERS>\XyFNS.dll
- <DRIVERS>\vYFJScyCc.exe
- %WINDIR%\uvdpY.dll
- <DRIVERS>\tNFEjgwmo.dll
- %WINDIR%\QOclhe.dll
- %WINDIR%\Qbngdv.exe
- <SYSTEM32>\SXEfTQo.dll
- <DRIVERS>\ejkGKfmE.dll
- %WINDIR%\VwSBvS.dll
- %WINDIR%\QAjYaSHy.dll
- <SYSTEM32>\TKswe.dll
- <DRIVERS>\TBCHvqYtP.dll
- <SYSTEM32>\WocNF.dll
- <DRIVERS>\KNaFpq.dll
- %WINDIR%\RaYot.dll
- <DRIVERS>\ELUdXduRL.exe
- <DRIVERS>\QBFLNc.dll
- <SYSTEM32>\igdujLU.dll
- <DRIVERS>\kTrYUHTy.dll
- %WINDIR%\epodfY.exe
- <SYSTEM32>\IyMTJUOsI.dll
- <SYSTEM32>\UDEHB.exe
- <SYSTEM32>\TONTtOGPA.dll
- <SYSTEM32>\Sbrklih.dll
- <DRIVERS>\yOEhUxjA.dll
- <DRIVERS>\UwUBpmpRH.exe
- <SYSTEM32>\xyYAicsFs.dll
- %WINDIR%\XbtAnvIBJ.dll
- %WINDIR%\XchgPpKfy.exe
- %WINDIR%\AwqgdpnBx.dll
- <DRIVERS>\BbfvsXal.dll
- <DRIVERS>\vexhVPBH.exe
- <DRIVERS>\TaiShg.dll
- <SYSTEM32>\sgxwbO.exe
- %WINDIR%\kXVVXeek.exe
- <SYSTEM32>\jFBFVFIbg.dll
- <DRIVERS>\udsaimuy.dll
- %WINDIR%\ndFjF.exe
- %WINDIR%\qSxmaBxc.exe
- %WINDIR%\tuinHyo.dll
- %WINDIR%\OIHEmf.dll
- %WINDIR%\AxyXessy.exe
- %WINDIR%\tRYSxMKs.dll
- %WINDIR%\GYYoCDEa.exe
- <DRIVERS>\vGVMw.dll
- <DRIVERS>\CMcGKrC.exe
- %WINDIR%\nclFXBoNQ.dll
- <DRIVERS>\UoEypIQ.dll
- %WINDIR%\StstuD.exe
- <SYSTEM32>\KGjneOR.dll
- <SYSTEM32>\EUiIchYNn.exe
- <SYSTEM32>\WfrIp.exe
- %WINDIR%\bVHUeUU.dll
- <SYSTEM32>\omYSBVGuq.dll
- <DRIVERS>\nJBUSevX.exe
- <SYSTEM32>\tGjfu.dll
- <DRIVERS>\LhyrkLG.exe
- %WINDIR%\gwJKDXiht.dll
- %WINDIR%\HnaOEqoPX.exe
- <SYSTEM32>\OEbQO.exe
- %WINDIR%\qFYOO.exe
- <SYSTEM32>\wHFbLVig.dll
- <SYSTEM32>\RuWJC.exe
- %WINDIR%\BVBWuAtr.dll
- %WINDIR%\OrlGGjM.dll
- <DRIVERS>\MHGVH.dll
- <SYSTEM32>\mNkon.exe
- %WINDIR%\GEqhVY.dll
- %WINDIR%\pgrnCx.dll
- %WINDIR%\PWMuMMdt.exe
- %WINDIR%\XONebS.exe
- <DRIVERS>\KRyETj.exe
- <DRIVERS>\hdkjp.dll
- <SYSTEM32>\PtqKY.dll
- %WINDIR%\NrlEp.dll
- <SYSTEM32>\ymciGaP.dll
- <SYSTEM32>\pVpToUkbX.dll
- <DRIVERS>\wpsCUI.dll
- %WINDIR%\EYlmm.exe
- %WINDIR%\ypiuvXGxI.exe
- <SYSTEM32>\fyGygu.dll
- <SYSTEM32>\HTNLVXJ.dll
- <DRIVERS>\pQIDcbxx.exe
- %WINDIR%\iBGupDb.exe
- %WINDIR%\vuuTqMm.dll
- <DRIVERS>\msNqyoCn.dll
- %WINDIR%\soswy.dll
- <SYSTEM32>\RfuySXMVQ.dll
- <DRIVERS>\ukXFh.dll
- <SYSTEM32>\fwvxiVECW.dll
- <SYSTEM32>\reCEGAuOv.dll
- <DRIVERS>\bwHslPeEr.exe
- <SYSTEM32>\JntgtHqy.exe
- <SYSTEM32>\SYWWCBh.dll
- %WINDIR%\WDKKlb.exe
- <SYSTEM32>\QNPEDtj.dll
- %WINDIR%\VVNcXcR.dll
- %WINDIR%\rsVvyM.exe
- %WINDIR%\PvFEW.exe
- <DRIVERS>\aBKCn.exe
- <DRIVERS>\BRRBL.dll
- <SYSTEM32>\JRRxTa.exe
- %WINDIR%\WCSboQ.dll
- %WINDIR%\WaudnEAJs.exe
- <SYSTEM32>\MOdkwAjY.dll
- <DRIVERS>\cdykkC.exe
- %WINDIR%\FlwErVRgB.dll
- %WINDIR%\tIjWKG.dll
- %WINDIR%\NKIGaEcJA.dll
- %WINDIR%\fYXNCoT.exe
- <DRIVERS>\nnHYKlY.exe
- <SYSTEM32>\SNhua.exe
- <DRIVERS>\UTuUg.exe
- %WINDIR%\IpUeFK.exe
- <DRIVERS>\yiOiiyMT.dll
- <SYSTEM32>\nqpHr.exe
- %WINDIR%\QCFBtSCB.exe
- <DRIVERS>\yhsoonhge.dll
- <SYSTEM32>\fGSStn.dll
- %WINDIR%\XaEisYPu.exe
- %WINDIR%\IKuMUFAN.dll
- <SYSTEM32>\EjGUuWj.dll
- %WINDIR%\NCMWN.dll
- <DRIVERS>\rtgWDFAYF.dll
- <SYSTEM32>\yykKMJ.dll
- %WINDIR%\WDgnnwBo.dll
- <SYSTEM32>\AkJOvxF.dll
- %WINDIR%\UFJRJn.dll
- <DRIVERS>\VqdjP.dll
- %WINDIR%\bpcCcvPH.dll
- <SYSTEM32>\mQEKxOQ.exe
- %WINDIR%\ppgMOMYTh.exe
- %WINDIR%\peBiJw.exe
- <DRIVERS>\jgFxDfDNg.exe
- <DRIVERS>\GdICMeGG.exe
- %WINDIR%\PkxadkjxY.dll
- <DRIVERS>\NBFCyWuiy.exe
- <SYSTEM32>\WwUOFsGF.exe
- <DRIVERS>\VIiShenP.exe
- <DRIVERS>\oWCNkVT.dll
- %WINDIR%\GcLfQxpjJ.exe
- <SYSTEM32>\pWhkB.exe
- <DRIVERS>\PvJofoO.exe
- %WINDIR%\qxvJa.dll
- <DRIVERS>\BOdOkIYh.dll
- <SYSTEM32>\UCxLpgu.dll
- <DRIVERS>\ExiqbHh.dll
- <SYSTEM32>\HJiwHKE.exe
- <DRIVERS>\csBmSByl.exe
- <DRIVERS>\NworIckaR.dll
- <DRIVERS>\iTVlMEkDN.exe
- <SYSTEM32>\jFbRFVWn.dll
- <DRIVERS>\KUPMnJHUx.exe
- <SYSTEM32>\eGvntbk.exe
- %WINDIR%\JIxMxXh.exe
- %WINDIR%\RpoQSkSyG.dll
- %WINDIR%\JdbYsmBmi.exe
- <DRIVERS>\MuyggxTQ.exe
- <SYSTEM32>\xBGTSSoo.exe
- %WINDIR%\XSPeQsyp.dll
- <DRIVERS>\tYiSH.exe
- %WINDIR%\wxslHiKD.dll
- %WINDIR%\URlbPCVEy.dll
- <DRIVERS>\kRQrmckWf.dll
- <SYSTEM32>\cbLhBPBWm.dll
- <DRIVERS>\VPEuEh.exe
- %WINDIR%\EqlXPTq.exe
- %WINDIR%\bDtvQB.exe
- <SYSTEM32>\FESBslE.exe
- %WINDIR%\bWXco.exe
- %WINDIR%\CSHGwgn.dll
- <DRIVERS>\gmOuJotN.exe
- <SYSTEM32>\oRlOGA.exe
- <SYSTEM32>\bNSSU.dll
- <SYSTEM32>\CUAjX.dll
- <DRIVERS>\GiTMx.exe
- <SYSTEM32>\bQtOMAObf.dll
- %WINDIR%\tJodSwuk.dll
- <SYSTEM32>\WmyjN.dll
- %WINDIR%\lQjNr.exe
- <SYSTEM32>\XEnesi.exe
- <DRIVERS>\eLwNitQ.exe
- %WINDIR%\hcfiUGX.exe
- <SYSTEM32>\oMfFYkor.exe
- %WINDIR%\IkhRCN.exe
- %WINDIR%\BASyrFLTV.dll
- <SYSTEM32>\kjQXOdBy.exe
- <DRIVERS>\xgldPKBaM.dll
- <DRIVERS>\PKRpYKFbF.exe
- <SYSTEM32>\UXWLKRveH.exe
- <SYSTEM32>\bXTohJUO.dll
- <SYSTEM32>\EVELKALJQ.dll
- <SYSTEM32>\DWNihhOw.dll
- <SYSTEM32>\wraIRlxkl.exe
- %WINDIR%\aDDafQb.exe
- %WINDIR%\okHWh.exe
- %WINDIR%\NOXfpyfKk.exe
- <DRIVERS>\joQrqLP.dll
- %WINDIR%\FfdXhG.exe
- <DRIVERS>\EeApdUpg.dll
- <DRIVERS>\JYTcAkb.exe
- %WINDIR%\FduSIkClY.exe
- <SYSTEM32>\rKPBcy.dll
- <DRIVERS>\EiGOISbW.dll
- <SYSTEM32>\cxaJwjQsj.exe
- %WINDIR%\joLKar.exe
- <DRIVERS>\gDTllOrSl.exe
- <DRIVERS>\iwnuRxuaH.exe
- <DRIVERS>\GRsmQtux.exe
- <DRIVERS>\oOenSaP.dll
- %WINDIR%\NoXGNy.exe
- <DRIVERS>\aKqnU.exe
- <SYSTEM32>\VwVLfWgpe.dll
- %WINDIR%\lOqpleOM.exe
- <SYSTEM32>\wTSHF.exe
- <SYSTEM32>\XHVpX.exe
- %WINDIR%\WmcFk.dll
- <DRIVERS>\nOlUO.dll
- <DRIVERS>\BECQqiHVG.exe
- <SYSTEM32>\wbrmPNbRV.dll
- <DRIVERS>\RhGfsVvBn.exe
- %WINDIR%\dqPgQX.exe
- <DRIVERS>\DDoFWDyx.exe
- %WINDIR%\YcjWpS.exe
- <DRIVERS>\MeWiaUSno.exe
- <SYSTEM32>\VTXBxdFmj.dll
- <SYSTEM32>\TBDEMIie.dll
- %WINDIR%\KSaXMeX.exe
- %WINDIR%\WPmgjHUc.exe
- %WINDIR%\TUiqrvcX.exe
- %WINDIR%\GFHtgd.dll
- <DRIVERS>\PQdxf.dll
- <SYSTEM32>\jthidjN.exe
- <DRIVERS>\OUMtLBuhf.dll
- <DRIVERS>\QatVhjtbY.dll
- <DRIVERS>\KSRBbsdgX.exe
- <DRIVERS>\AvTvEpWO.dll
- <DRIVERS>\xpvCRX.dll
- %WINDIR%\kSBKqrcM.dll
- <SYSTEM32>\cbvSUmT.dll
- <SYSTEM32>\kQJvVAxR.exe
- <DRIVERS>\IHyQe.dll
- <DRIVERS>\PmJlxV.exe
- <SYSTEM32>\CEHBMQQS.dll
- <SYSTEM32>\gGJnrS.exe
- <SYSTEM32>\VhHxgBG.dll
- <SYSTEM32>\gohbOoS.dll
- %WINDIR%\SAwHTobfH.dll
- %WINDIR%\HkCvnT.dll
- %WINDIR%\opVyxMN.dll
- %WINDIR%\YSuVEcQvK.exe
- <DRIVERS>\vLIOjsslH.dll
- <DRIVERS>\oRnLef.dll
- %WINDIR%\JuDhxPi.dll
- %WINDIR%\TLiTQd.dll
- <SYSTEM32>\WWpQuqJ.dll
- %WINDIR%\CJSWWmM.exe
- %WINDIR%\DheWwqkMl.dll
- <DRIVERS>\wrMKVYAcB.dll
- <DRIVERS>\BLurtFwp.dll
- <SYSTEM32>\DWXykQoW.dll
- <DRIVERS>\ecWihEC.dll
- <SYSTEM32>\gQJekO.dll
- <DRIVERS>\aRBlHoqRb.exe
- %WINDIR%\dWVbkhqK.dll
- %WINDIR%\KHNAWGu.exe
- <DRIVERS>\TckJJoiqN.exe
- <DRIVERS>\SYpEMmqyK.dll
- <SYSTEM32>\ApysS.dll
- <DRIVERS>\lqEVJQ.exe
- <SYSTEM32>\eTwJsr.exe
- <SYSTEM32>\bagsxv.dll
- <DRIVERS>\emQHdDGg.exe
- <SYSTEM32>\AhWpHDJ.exe
- <DRIVERS>\DMSXD.dll
- %WINDIR%\UeMxCJYQ.exe
- <SYSTEM32>\oAwqabtB.exe
- %WINDIR%\kFkGkFo.dll
- %WINDIR%\jxrXbINRp.dll
- <DRIVERS>\iFdHBcuWJ.dll
- <SYSTEM32>\FcqKkSrJi.exe
- %WINDIR%\dlsVPwNkv.dll
- <SYSTEM32>\TnPwMT.exe
- <SYSTEM32>\OMgMjsK.dll
- <SYSTEM32>\hFthb.exe
- <SYSTEM32>\urGwnhIb.exe
- <SYSTEM32>\etufgtM.exe
- %WINDIR%\FdLJR.exe
- <SYSTEM32>\KbhbR.exe
- <DRIVERS>\IHtOtDTw.dll
- %WINDIR%\ydQLp.dll
- %WINDIR%\WtMRttm.dll
- %WINDIR%\EAGmxXcOR.dll
- %WINDIR%\peJlkuExm.dll
- <SYSTEM32>\bpWduQ.exe
- <DRIVERS>\HXVBOeuj.exe
- <DRIVERS>\dFWjVuRvM.exe
- <DRIVERS>\uWhux.exe
- <DRIVERS>\fmIHyuAq.exe
- <SYSTEM32>\BdxJqxx.dll
- <SYSTEM32>\YpaeO.dll
- %WINDIR%\CeCteLomY.exe
- <DRIVERS>\EBTVmeD.dll
- <DRIVERS>\tuDwqYHQV.dll
- %WINDIR%\XbhmTsDQ.exe
- %WINDIR%\RClJVdd.dll
- <SYSTEM32>\UePPjFQMM.exe
- <SYSTEM32>\GwadO.exe
- %WINDIR%\CQRQb.exe
- <SYSTEM32>\xXqAHmJ.exe
- %WINDIR%\oeKVWYxh.dll
- <SYSTEM32>\EhwlrU.dll
- <SYSTEM32>\jqnOd.dll
- %WINDIR%\qAVBXw.dll
- %WINDIR%\EkrEFLlAk.exe
- %WINDIR%\BibwO.dll
- %WINDIR%\DKeCi.dll
- <SYSTEM32>\rdkoa.dll
- <DRIVERS>\MpvIRL.dll
- %WINDIR%\GCmlXe.dll
- <DRIVERS>\gjIPYwR.exe
- %WINDIR%\YTJnmA.exe
- <DRIVERS>\xCgBmJ.exe
- <SYSTEM32>\IFHCsWW.exe
- <DRIVERS>\itjPJn.dll
- <DRIVERS>\eyoOpRvsY.dll
- <DRIVERS>\HuFLXyftt.exe
- <DRIVERS>\lGIUtITv.dll
- <DRIVERS>\iDeABXYa.dll
- <SYSTEM32>\OviCNhNM.exe
- %WINDIR%\BcJBS.dll
- <SYSTEM32>\ltWByuQ.exe
- <SYSTEM32>\nukAmEtX.exe
- <SYSTEM32>\RoWFof.exe
- <DRIVERS>\yXyPm.dll
- %WINDIR%\RdrYmaP.exe
- <SYSTEM32>\kmRsWa.dll
- <SYSTEM32>\HLxUOOhm.dll
- %WINDIR%\YawFnGOrr.exe
- %WINDIR%\YcOAA.exe
- %WINDIR%\mqAVyjFR.exe
- <SYSTEM32>\ULvXOPnhe.exe
- %WINDIR%\gyFRGmBxW.dll
- <DRIVERS>\PSKoigWd.dll
- <DRIVERS>\MgUuxNd.exe
- %WINDIR%\USYta.exe
- <DRIVERS>\QLMMwCT.exe
- <DRIVERS>\aySSbuBt.exe
- <SYSTEM32>\GLEVsGd.dll
- <SYSTEM32>\gONjrfh.exe
- <DRIVERS>\DmLcabwa.dll
- %WINDIR%\mpsAjqua.dll
- <SYSTEM32>\SCkTg.exe
- %WINDIR%\VdERaejUe.exe
- %WINDIR%\vrvkvnmMK.dll
- <SYSTEM32>\uSObFbR.exe
- %WINDIR%\MMFObHlkV.dll
- <DRIVERS>\gWYut.dll
- <SYSTEM32>\lAFOy.exe
- %WINDIR%\aiQTUuLnv.dll
- %WINDIR%\rkgPCcmxR.exe
- <SYSTEM32>\dRoDjA.exe
- <DRIVERS>\tYQlU.exe
- <SYSTEM32>\WDnue.dll
- %WINDIR%\TWAKJX.dll
- <SYSTEM32>\ytwfnASiA.exe
- <SYSTEM32>\akNVX.dll
- %WINDIR%\pcNBxGT.dll
- <DRIVERS>\MHDffICEd.exe
- %WINDIR%\DJfTjIivF.exe
- <SYSTEM32>\sGltXL.dll
- %WINDIR%\TgphckD.dll
- <DRIVERS>\xLKrU.exe
- %WINDIR%\rMtGFRHV.dll
- %WINDIR%\UnpViwC.exe
- <DRIVERS>\DHAcdjYty.exe
- <DRIVERS>\qCPCQxMm.dll
- <SYSTEM32>\aMvaTatup.dll
- %TEMP%\HTMLayout.dll
- <SYSTEM32>\CnOgX.exe
- <DRIVERS>\gqmJwi.exe
- %WINDIR%\dDdpDWEG.exe
- %WINDIR%\AHYuxKnv.dll
- %WINDIR%\RsnyRcVA.exe
- <DRIVERS>\yPBYta.dll
- <DRIVERS>\GMpTFivD.dll
- <DRIVERS>\PchuM.exe
- <SYSTEM32>\Gaeev.exe
- <SYSTEM32>\nvXOsh.dll
- <SYSTEM32>\XpLDth.dll
- %WINDIR%\JiUdt.exe
- <SYSTEM32>\mIrsL.dll
- <DRIVERS>\bSljhP.dll
- <SYSTEM32>\iKbjbusG.dll
- %WINDIR%\ktQCE.dll
- <DRIVERS>\xxlVMPjW.dll
- <SYSTEM32>\NscNKSvhU.exe
- <SYSTEM32>\pjQyDS.dll
- <DRIVERS>\cCkBKs.exe
- <SYSTEM32>\tawglv.exe
- %WINDIR%\OOFoY.dll
- <DRIVERS>\LDmlErvvg.dll
- <SYSTEM32>\esiiuhqF.exe
- %WINDIR%\rtjMG.dll
- <SYSTEM32>\sBSvHLLKt.dll
- <DRIVERS>\ajLvitO.exe
- <SYSTEM32>\hngYtdv.exe
- <DRIVERS>\TOwpMqW.exe
- <SYSTEM32>\SReQhUifm.dll
- <DRIVERS>\NltoCKwqh.exe
- %WINDIR%\QNjFDJUY.dll
- %WINDIR%\YeThF.dll
- <SYSTEM32>\KhqnTG.dll
- <DRIVERS>\UeAIGVFG.dll
- <SYSTEM32>\UInKHW.dll
- <SYSTEM32>\oNcnUtXOj.dll
- <SYSTEM32>\erswYYm.exe
- %WINDIR%\FoHxHQM.dll
- <SYSTEM32>\MXLTiv.exe
- %WINDIR%\TUEgvfFq.exe
- <SYSTEM32>\JQKOEfBf.exe
- <SYSTEM32>\OeoSJSGMo.dll
- <DRIVERS>\OPJUol.exe
- <DRIVERS>\qojhk.exe
- %WINDIR%\qdWXKwYc.exe
- %WINDIR%\gbPVlm.exe
- <SYSTEM32>\CnXBHQ.dll
- %WINDIR%\ECoFXWG.dll
- %WINDIR%\rqNdcT.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\protection[1]
- <SYSTEM32>\IiThFAFhy.exe
- <DRIVERS>\CBpYAxpR.dll
- <DRIVERS>\OkfHehUj.dll
- <DRIVERS>\uGkuQrj.exe
- <SYSTEM32>\HtQfdj.dll
- <SYSTEM32>\bpmnqrr.dll
- <DRIVERS>\jXWipTGm.dll
- <SYSTEM32>\fRSssTtY.dll
- <SYSTEM32>\GXvwi.exe
- <SYSTEM32>\npKQURYQW.dll
- %WINDIR%\vlAFalXH.dll
- <SYSTEM32>\AtfTwL.exe
- %WINDIR%\QHmEJ.exe
- <SYSTEM32>\HtGXdn.dll
- <DRIVERS>\oOEhUayfs.exe
- <DRIVERS>\gvDGRVo.dll
- <DRIVERS>\wqsNKIoh.exe
- <SYSTEM32>\fTItgYB.dll
- %WINDIR%\msKQK.dll
- <SYSTEM32>\gKRNg.exe
- <SYSTEM32>\aRmON.exe
- <DRIVERS>\vxQKHyKP.exe
- <DRIVERS>\njmjbvW.exe
- <DRIVERS>\qyCLB.dll
- <DRIVERS>\REoWgtg.exe
- <DRIVERS>\AgvEg.exe
- <SYSTEM32>\pYuvUW.exe
- <SYSTEM32>\nJReWp.dll
- <SYSTEM32>\ftMioFgHw.exe
- <SYSTEM32>\wGnpeBqH.dll
- %WINDIR%\sAatTeNl.dll
- <SYSTEM32>\YrLCpLREE.dll
- <SYSTEM32>\kjKJMutA.exe
- <SYSTEM32>\tFcsOQ.exe
- <SYSTEM32>\MSgPeQ.exe
- %WINDIR%\lKNHh.exe
- <SYSTEM32>\VVarnBaku.dll
- <SYSTEM32>\bQYCW.exe
- <DRIVERS>\SyJQsmfv.exe
- %WINDIR%\fMAgO.dll
- <DRIVERS>\tGEXLgWKy.exe
- %WINDIR%\JujMvswjv.dll
- %WINDIR%\uTUhyLPO.exe
- <SYSTEM32>\qAbmfbpRW.dll
- %WINDIR%\iVBbr.exe
- %WINDIR%\dQssy.dll
- %WINDIR%\VIERWM.dll
- <SYSTEM32>\sniBHbIjB.exe
- <DRIVERS>\EiUEEXxR.exe
- %WINDIR%\InVyMmhy.exe
- %WINDIR%\UVRoo.dll
- <DRIVERS>\XRQpGDHt.dll
- <DRIVERS>\XHrgxtH.dll
- <SYSTEM32>\YKOATd.dll
- <SYSTEM32>\fETrhSuOB.dll
- %WINDIR%\wyAdsy.exe
- <DRIVERS>\jnxjBTkoO.exe
- <DRIVERS>\FuBWRrT.dll
- <DRIVERS>\pFlDKTTG.dll
- %WINDIR%\ChwLmuojG.dll
- <DRIVERS>\gbUYqr.exe
- <DRIVERS>\mxLKVN.exe
- %WINDIR%\IYbyB.dll
- <SYSTEM32>\sKTcs.dll
- <SYSTEM32>\HPVnMFpO.dll
- <DRIVERS>\pebmN.dll
- %WINDIR%\pnSGF.dll
- <DRIVERS>\aETyVstG.dll
- <DRIVERS>\INcUOP.dll
- <DRIVERS>\Crues.dll
- <DRIVERS>\qNLLtOeVw.dll
- %WINDIR%\VpimtfSc.dll
- <SYSTEM32>\SbRCMQgxS.exe
- <SYSTEM32>\VhfIOUKej.dll
- <DRIVERS>\mMANUqByO.exe
- <SYSTEM32>\FGDxQn.dll
- %WINDIR%\hhuaE.exe
- <DRIVERS>\tiYVpceD.dll
- <SYSTEM32>\XyaOFuag.dll
- <SYSTEM32>\IWkGd.exe
- <DRIVERS>\vUhwqr.dll
- %WINDIR%\mSyvdQB.dll
- <DRIVERS>\EJVQTxj.dll
- <DRIVERS>\nMjPicvYl.exe
- <SYSTEM32>\nAFiRoJCQ.dll
- <DRIVERS>\CNiPaNE.dll
- %WINDIR%\iFjXN.dll
- <DRIVERS>\fdpkHFT.dll
- %WINDIR%\NCnhefg.dll
- <SYSTEM32>\CjLfnunt.dll
- <DRIVERS>\OiaUmyXfe.dll
- %WINDIR%\NWrFLy.exe
- <DRIVERS>\niQfip.exe
- <SYSTEM32>\kirQT.dll
- %WINDIR%\eQjBaoSYm.exe
- <DRIVERS>\KUGOgVu.dll
- <SYSTEM32>\IUSRCpMf.dll
- %WINDIR%\UHglrYcrI.dll
- <DRIVERS>\htbgqWT.dll
- %WINDIR%\aNCCc.dll
- <SYSTEM32>\dQgIj.exe
- <DRIVERS>\XAruYtE.exe
- <DRIVERS>\gYEkJfWSX.dll
- <SYSTEM32>\ihkECJjon.dll
- <SYSTEM32>\vFRBuWRqP.dll
- <DRIVERS>\tbGgEP.dll
- <DRIVERS>\BiYske.exe
- %WINDIR%\FsmwGT.dll
- %WINDIR%\thXAgSq.exe
- %WINDIR%\CHGsnFJA.dll
- <DRIVERS>\EEAAv.dll
- <SYSTEM32>\vBYRFitY.exe
- <SYSTEM32>\EmkGsKYnt.dll
- %WINDIR%\rMtJcOX.dll
- %WINDIR%\kIaImsm.exe
- <DRIVERS>\JMSAsSo.dll
- %WINDIR%\CslOul.exe
- %WINDIR%\mxAfGaBtX.exe
- <SYSTEM32>\SSeHVQ.dll
- %WINDIR%\oHBnldvYj.dll
- <DRIVERS>\pWbEvkUyd.dll
- <SYSTEM32>\BpbyjE.dll
- <DRIVERS>\EoagRcSiv.dll
- %WINDIR%\JFanu.dll
- <SYSTEM32>\wYtyDJux.exe
- %WINDIR%\MIWIhF.dll
- %WINDIR%\sVDKbQLB.exe
- <SYSTEM32>\cPeQmr.dll
- <DRIVERS>\EdcAgcGF.dll
- <SYSTEM32>\FytHcD.exe
- <SYSTEM32>\LPedE.exe
- %WINDIR%\TQSseg.exe
- %WINDIR%\DBmVos.exe
- <DRIVERS>\dmFgYOCNS.exe
- %WINDIR%\LsTUBve.exe
- <SYSTEM32>\pxftRuXj.dll
- %WINDIR%\yyMtbfROh.dll
- <DRIVERS>\aHIXiviL.exe
- <SYSTEM32>\TtcOIopr.exe
- %WINDIR%\pafiY.exe
- %WINDIR%\aAdAO.dll
- <SYSTEM32>\McllREgD.dll
- <SYSTEM32>\yieWLpBGb.exe
- %WINDIR%\DwLQJRUC.dll
- <SYSTEM32>\tweWWnX.exe
- <DRIVERS>\fcJHsL.exe
- <DRIVERS>\dTITyraY.exe
- <SYSTEM32>\eIyeEeN.exe
- <DRIVERS>\KLIdfr.exe
- %WINDIR%\wSCwldk.exe
- %WINDIR%\KvJpmB.dll
- %WINDIR%\vXMPUtM.exe
- <DRIVERS>\FHGlM.dll
- <SYSTEM32>\fVDmXek.exe
- <SYSTEM32>\BvFQelYLe.exe
- %WINDIR%\hVUlrm.exe
- %WINDIR%\cxkqFg.dll
- <DRIVERS>\UoFVF.exe
- %WINDIR%\grXrACQ.dll
- %WINDIR%\QPlspH.dll
- %WINDIR%\rowNmaw.exe
- %WINDIR%\BOcfy.dll
- %WINDIR%\BXuIpXgRD.dll
- %WINDIR%\NetdrQy.dll
- %WINDIR%\QWVvGMP.dll
- <DRIVERS>\NOWSE.exe
- %WINDIR%\qRGui.exe
- <DRIVERS>\KMeXQfx.dll
- <DRIVERS>\AEkSAN.dll
- %WINDIR%\LvUrGD.dll
- %WINDIR%\CXhVeJWqU.dll
- %WINDIR%\hFptuOLdd.exe
- <SYSTEM32>\bTaImehsS.dll
- <DRIVERS>\phHMwQ.exe
- <DRIVERS>\lfPgpvaC.dll
- %WINDIR%\GALeBoR.dll
- <DRIVERS>\JtyJUxiXt.exe
- %WINDIR%\COwFYr.dll
- <SYSTEM32>\HsBPTu.exe
- <DRIVERS>\FsVBSkug.dll
- <DRIVERS>\YeyYo.exe
- <DRIVERS>\qhOGatAf.exe
- <DRIVERS>\QyYjXkVFK.exe
Сетевая активность:
Подключается к:
- 'localhost':1038
- 'www.pr###ctapc.com':80
TCP:
Запросы HTTP GET:
- www.pr###ctapc.com/protection/?i=##########################################################################################################
UDP:
- DNS ASK www.pr###ctapc.com
Другое:
Ищет следующие окна:
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
