Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe,'
Создает следующие сервисы:
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'ImagePath' = '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\vwYgEQEb] 'Start' = '00000002'
Заражает следующие исполняемые файлы:
- C:\Far2\Far.exe
Вредоносные функции:
Для затруднения выявления своего присутствия в системе
блокирует отображение:
- скрытых файлов
- расширений файлов
блокирует:
- Средство контроля пользовательских учетных записей (UAC)
Запускает на исполнение:
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c "<Текущая директория>\<Имя файла>"
- '%HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe'
- '%ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe'
- '%ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe'
Изменения в файловой системе:
Создает следующие файлы:
- %HOMEPATH%\gOEYMkgs\qEcM.exe
- %HOMEPATH%\gOEYMkgs\jYgc.exe
- %HOMEPATH%\gOEYMkgs\Dgow.exe
- %HOMEPATH%\gOEYMkgs\SwYK.exe
- %HOMEPATH%\gOEYMkgs\rUcO.exe
- %HOMEPATH%\gOEYMkgs\XEAI.exe
- %HOMEPATH%\gOEYMkgs\VIQw.exe
- %HOMEPATH%\gOEYMkgs\AAkU.exe
- %HOMEPATH%\gOEYMkgs\jcAo.exe
- %HOMEPATH%\gOEYMkgs\yQUa.exe
- %HOMEPATH%\gOEYMkgs\jUoU.exe
- %HOMEPATH%\gOEYMkgs\AsoO.exe
- %HOMEPATH%\gOEYMkgs\Zgsq.exe
- %HOMEPATH%\gOEYMkgs\BMoc.exe
- %HOMEPATH%\gOEYMkgs\cYYO.exe
- %HOMEPATH%\gOEYMkgs\UYMS.exe
- %HOMEPATH%\gOEYMkgs\JIoG.exe
- %HOMEPATH%\gOEYMkgs\jcMS.exe
- %HOMEPATH%\gOEYMkgs\HMMW.exe
- %HOMEPATH%\gOEYMkgs\rAYm.exe
- %HOMEPATH%\gOEYMkgs\XQwW.exe
- %HOMEPATH%\gOEYMkgs\kIwy.exe
- %HOMEPATH%\gOEYMkgs\dUcu.exe
- %HOMEPATH%\gOEYMkgs\iUMc.exe
- %HOMEPATH%\gOEYMkgs\gggw.exe
- %HOMEPATH%\gOEYMkgs\TgcU.exe
- %HOMEPATH%\gOEYMkgs\nMQg.exe
- %HOMEPATH%\gOEYMkgs\GwAQ.exe
- %HOMEPATH%\gOEYMkgs\xMcK.exe
- %HOMEPATH%\gOEYMkgs\OIAi.exe
- %HOMEPATH%\gOEYMkgs\WQIg.exe
- %HOMEPATH%\gOEYMkgs\PcoU.exe
- %HOMEPATH%\gOEYMkgs\PkQU.exe
- %HOMEPATH%\gOEYMkgs\NMcs.exe
- %HOMEPATH%\gOEYMkgs\tksu.exe
- %HOMEPATH%\gOEYMkgs\aEYm.exe
- %HOMEPATH%\gOEYMkgs\NMEK.exe
- %HOMEPATH%\gOEYMkgs\tskK.exe
- %HOMEPATH%\gOEYMkgs\bYgY.exe
- %HOMEPATH%\gOEYMkgs\EQIS.exe
- %HOMEPATH%\gOEYMkgs\LUAi.exe
- %HOMEPATH%\gOEYMkgs\fUMs.exe
- %HOMEPATH%\gOEYMkgs\PosU.exe
- %HOMEPATH%\gOEYMkgs\gMQe.exe
- %HOMEPATH%\gOEYMkgs\VUAu.exe
- %HOMEPATH%\gOEYMkgs\BIMY.exe
- %HOMEPATH%\gOEYMkgs\KYEO.exe
- %HOMEPATH%\gOEYMkgs\NAsa.exe
- %HOMEPATH%\gOEYMkgs\xcQQ.exe
- %HOMEPATH%\gOEYMkgs\xYoI.exe
- %HOMEPATH%\gOEYMkgs\zUYY.exe
- %HOMEPATH%\gOEYMkgs\yowy.exe
- %HOMEPATH%\gOEYMkgs\ykQm.exe
- %HOMEPATH%\gOEYMkgs\CsEq.exe
- %HOMEPATH%\gOEYMkgs\DEcA.exe
- %HOMEPATH%\gOEYMkgs\rAgy.exe
- %HOMEPATH%\gOEYMkgs\zEQC.exe
- %HOMEPATH%\gOEYMkgs\hAUo.exe
- %HOMEPATH%\gOEYMkgs\jcIs.exe
- %HOMEPATH%\gOEYMkgs\lQoK.exe
- %HOMEPATH%\gOEYMkgs\eQoS.exe
- %HOMEPATH%\gOEYMkgs\KwMk.exe
- %HOMEPATH%\gOEYMkgs\rYAC.exe
- %HOMEPATH%\gOEYMkgs\Mcgm.exe
- %HOMEPATH%\gOEYMkgs\qsce.exe
- %HOMEPATH%\gOEYMkgs\EMgs.exe
- %HOMEPATH%\gOEYMkgs\FAYS.exe
- %HOMEPATH%\gOEYMkgs\tEgE.exe
- %HOMEPATH%\gOEYMkgs\ecMU.exe
- %HOMEPATH%\gOEYMkgs\Tgsg.exe
- %HOMEPATH%\gOEYMkgs\mgUm.exe
- %HOMEPATH%\gOEYMkgs\MoEW.exe
- %HOMEPATH%\gOEYMkgs\lkwk.exe
- %HOMEPATH%\gOEYMkgs\KYws.exe
- %HOMEPATH%\gOEYMkgs\wsIA.exe
- %HOMEPATH%\gOEYMkgs\OAsi.exe
- %HOMEPATH%\gOEYMkgs\bgkC.exe
- %HOMEPATH%\gOEYMkgs\uQcK.exe
- %HOMEPATH%\gOEYMkgs\vQAI.exe
- %HOMEPATH%\gOEYMkgs\HEcQ.exe
- %TEMP%\WERde71.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WERde71.dir00\manifest.txt
- %TEMP%\WERde71.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\mQAe.exe
- %HOMEPATH%\gOEYMkgs\BgEG.exe
- %HOMEPATH%\gOEYMkgs\hYkY.exe
- %HOMEPATH%\gOEYMkgs\yUgy.exe
- %HOMEPATH%\gOEYMkgs\CAkw.exe
- %HOMEPATH%\gOEYMkgs\koIA.exe
- %TEMP%\WERde71.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\pcAW.exe
- %HOMEPATH%\gOEYMkgs\fskS.exe
- %HOMEPATH%\gOEYMkgs\qAMK.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
- <Текущая директория>\<Имя файла>
- %HOMEPATH%\gOEYMkgs\ZMoq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
- %HOMEPATH%\gOEYMkgs\tUkC.exe
- %HOMEPATH%\gOEYMkgs\hAAS.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
- %HOMEPATH%\gOEYMkgs\SUcO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
- %TEMP%\WERefa9.dir00\ZgMYMIIE.exe.hdmp
- %HOMEPATH%\gOEYMkgs\uYcI.exe
- %TEMP%\WERefa9.dir00\appcompat.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
- %HOMEPATH%\gOEYMkgs\dIwQ.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
- %HOMEPATH%\gOEYMkgs\JEou.exe
- %HOMEPATH%\gOEYMkgs\PYQO.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
- %TEMP%\WERefa9.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER77e4.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER77e4.dir00\ZgMYMIIE.exe.mdmp
- %TEMP%\WER77e4.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\LgYQ.exe
- %TEMP%\WER77e4.dir00\manifest.txt
- %ALLUSERSPROFILE%\caQc.txt
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ
- %HOMEPATH%\gOEYMkgs\SSIkQYgQ.exe
- %ALLUSERSPROFILE%\tuIMYcEM\ZgMYMIIE.exe
- %ALLUSERSPROFILE%\WuIEgAsU\lacMcYws.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
- %HOMEPATH%\gOEYMkgs\pIUq.exe
- %HOMEPATH%\gOEYMkgs\cUkI.exe
- %HOMEPATH%\gOEYMkgs\MwoA.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
- %HOMEPATH%\gOEYMkgs\UAIu.exe
- %HOMEPATH%\gOEYMkgs\NkIa.exe
- %HOMEPATH%\gOEYMkgs\xMAC.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Winter.jpg.exe
- %HOMEPATH%\gOEYMkgs\JcgM.exe
- %HOMEPATH%\gOEYMkgs\YgEg.exe
- %TEMP%\WER5abf.dir00\ZgMYMIIE.exe.hdmp
- %TEMP%\WER5abf.dir00\ZgMYMIIE.exe.mdmp
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe
- %HOMEPATH%\gOEYMkgs\pwEo.exe
- %HOMEPATH%\gOEYMkgs\TQgS.exe
- %HOMEPATH%\gOEYMkgs\ncko.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe
- %HOMEPATH%\gOEYMkgs\lskY.exe
- %HOMEPATH%\gOEYMkgs\bgIc.exe
- %HOMEPATH%\gOEYMkgs\Asks.exe
- %HOMEPATH%\gOEYMkgs\okMm.exe
- %HOMEPATH%\gOEYMkgs\vcMW.exe
- %HOMEPATH%\gOEYMkgs\MUQS.exe
- %HOMEPATH%\gOEYMkgs\TIgO.exe
- %TEMP%\WER5abf.dir00\appcompat.txt
- %HOMEPATH%\gOEYMkgs\GIgu.exe
- %TEMP%\WER5abf.dir00\manifest.txt
- %HOMEPATH%\gOEYMkgs\NEcC.exe
- %HOMEPATH%\gOEYMkgs\cYoo.exe
- %HOMEPATH%\gOEYMkgs\xsoW.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
- %HOMEPATH%\gOEYMkgs\WwUA.exe
- %HOMEPATH%\gOEYMkgs\OUMy.exe
- %HOMEPATH%\gOEYMkgs\Wscu.exe
- %TEMP%\WERefa9.dir00\manifest.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
- %HOMEPATH%\gOEYMkgs\qgwM.exe
- %HOMEPATH%\gOEYMkgs\aMQE.exe
- %HOMEPATH%\gOEYMkgs\Rwso.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\%USERNAME%.bmp.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe
- %HOMEPATH%\gOEYMkgs\ssww.exe
- %HOMEPATH%\gOEYMkgs\NYEs.exe
- %HOMEPATH%\gOEYMkgs\NIkq.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
- %HOMEPATH%\gOEYMkgs\ZEIq.exe
Удаляет следующие файлы:
- %HOMEPATH%\gOEYMkgs\JIoG.exe
- %HOMEPATH%\gOEYMkgs\cYYO.exe
- %HOMEPATH%\gOEYMkgs\bgkC.exe
- %HOMEPATH%\gOEYMkgs\UYMS.exe
- %HOMEPATH%\gOEYMkgs\jcMS.exe
- %HOMEPATH%\gOEYMkgs\kIwy.exe
- %HOMEPATH%\gOEYMkgs\Zgsq.exe
- %HOMEPATH%\gOEYMkgs\BMoc.exe
- %HOMEPATH%\gOEYMkgs\mgUm.exe
- %HOMEPATH%\gOEYMkgs\wsIA.exe
- %HOMEPATH%\gOEYMkgs\MoEW.exe
- %HOMEPATH%\gOEYMkgs\Tgsg.exe
- %HOMEPATH%\gOEYMkgs\uQcK.exe
- %HOMEPATH%\gOEYMkgs\OAsi.exe
- %HOMEPATH%\gOEYMkgs\vQAI.exe
- %HOMEPATH%\gOEYMkgs\HEcQ.exe
- %HOMEPATH%\gOEYMkgs\XEAI.exe
- %HOMEPATH%\gOEYMkgs\yQUa.exe
- %HOMEPATH%\gOEYMkgs\qEcM.exe
- %HOMEPATH%\gOEYMkgs\jYgc.exe
- %HOMEPATH%\gOEYMkgs\VIQw.exe
- %HOMEPATH%\gOEYMkgs\AAkU.exe
- %HOMEPATH%\gOEYMkgs\jUoU.exe
- %HOMEPATH%\gOEYMkgs\jcAo.exe
- %HOMEPATH%\gOEYMkgs\HMMW.exe
- %HOMEPATH%\gOEYMkgs\rAYm.exe
- %HOMEPATH%\gOEYMkgs\dUcu.exe
- %HOMEPATH%\gOEYMkgs\XQwW.exe
- %HOMEPATH%\gOEYMkgs\rUcO.exe
- %HOMEPATH%\gOEYMkgs\Dgow.exe
- %HOMEPATH%\gOEYMkgs\AsoO.exe
- %HOMEPATH%\gOEYMkgs\SwYK.exe
- %HOMEPATH%\gOEYMkgs\KYws.exe
- %HOMEPATH%\gOEYMkgs\EMgs.exe
- %HOMEPATH%\gOEYMkgs\hAUo.exe
- %HOMEPATH%\gOEYMkgs\FAYS.exe
- %HOMEPATH%\gOEYMkgs\qsce.exe
- %HOMEPATH%\gOEYMkgs\xcQQ.exe
- %HOMEPATH%\gOEYMkgs\KYEO.exe
- %HOMEPATH%\gOEYMkgs\xYoI.exe
- %HOMEPATH%\gOEYMkgs\zUYY.exe
- %HOMEPATH%\gOEYMkgs\eQoS.exe
- %HOMEPATH%\gOEYMkgs\jcIs.exe
- %HOMEPATH%\gOEYMkgs\KwMk.exe
- %HOMEPATH%\gOEYMkgs\rYAC.exe
- %HOMEPATH%\gOEYMkgs\tEgE.exe
- %HOMEPATH%\gOEYMkgs\ecMU.exe
- %HOMEPATH%\gOEYMkgs\lQoK.exe
- %HOMEPATH%\gOEYMkgs\Mcgm.exe
- %HOMEPATH%\gOEYMkgs\yUgy.exe
- %HOMEPATH%\gOEYMkgs\pcAW.exe
- %HOMEPATH%\gOEYMkgs\hYkY.exe
- %HOMEPATH%\gOEYMkgs\mQAe.exe
- %HOMEPATH%\gOEYMkgs\koIA.exe
- %HOMEPATH%\gOEYMkgs\lkwk.exe
- %HOMEPATH%\gOEYMkgs\fskS.exe
- %HOMEPATH%\gOEYMkgs\CAkw.exe
- %HOMEPATH%\gOEYMkgs\rAgy.exe
- %HOMEPATH%\gOEYMkgs\zEQC.exe
- %HOMEPATH%\gOEYMkgs\NAsa.exe
- %HOMEPATH%\gOEYMkgs\yowy.exe
- %HOMEPATH%\gOEYMkgs\CsEq.exe
- %HOMEPATH%\gOEYMkgs\BgEG.exe
- %HOMEPATH%\gOEYMkgs\DEcA.exe
- %HOMEPATH%\gOEYMkgs\ykQm.exe
- %HOMEPATH%\gOEYMkgs\bYgY.exe
- %HOMEPATH%\gOEYMkgs\WwUA.exe
- %HOMEPATH%\gOEYMkgs\xsoW.exe
- %HOMEPATH%\gOEYMkgs\NIkq.exe
- %HOMEPATH%\gOEYMkgs\aMQE.exe
- %HOMEPATH%\gOEYMkgs\Wscu.exe
- %HOMEPATH%\gOEYMkgs\uYcI.exe
- %HOMEPATH%\gOEYMkgs\OUMy.exe
- %HOMEPATH%\gOEYMkgs\qgwM.exe
- %HOMEPATH%\gOEYMkgs\TQgS.exe
- %HOMEPATH%\gOEYMkgs\pwEo.exe
- %HOMEPATH%\gOEYMkgs\JcgM.exe
- %HOMEPATH%\gOEYMkgs\ncko.exe
- %HOMEPATH%\gOEYMkgs\NYEs.exe
- %HOMEPATH%\gOEYMkgs\ZEIq.exe
- %HOMEPATH%\gOEYMkgs\ssww.exe
- %HOMEPATH%\gOEYMkgs\Rwso.exe
- %HOMEPATH%\gOEYMkgs\cUkI.exe
- %HOMEPATH%\gOEYMkgs\pIUq.exe
- %HOMEPATH%\gOEYMkgs\hAAS.exe
- %HOMEPATH%\gOEYMkgs\MwoA.exe
- %HOMEPATH%\gOEYMkgs\UAIu.exe
- %HOMEPATH%\gOEYMkgs\LgYQ.exe
- %HOMEPATH%\gOEYMkgs\xMAC.exe
- %HOMEPATH%\gOEYMkgs\NkIa.exe
- %HOMEPATH%\gOEYMkgs\JEou.exe
- %HOMEPATH%\gOEYMkgs\ZMoq.exe
- %HOMEPATH%\gOEYMkgs\dIwQ.exe
- %HOMEPATH%\gOEYMkgs\PYQO.exe
- %HOMEPATH%\gOEYMkgs\tUkC.exe
- %HOMEPATH%\gOEYMkgs\SUcO.exe
- %TEMP%\UiEcwksw.bat
- %HOMEPATH%\gOEYMkgs\qAMK.exe
- %HOMEPATH%\gOEYMkgs\YgEg.exe
- %HOMEPATH%\gOEYMkgs\tksu.exe
- %HOMEPATH%\gOEYMkgs\nMQg.exe
- %HOMEPATH%\gOEYMkgs\fUMs.exe
- %HOMEPATH%\gOEYMkgs\PosU.exe
- %HOMEPATH%\gOEYMkgs\iUMc.exe
- %HOMEPATH%\gOEYMkgs\gggw.exe
- %HOMEPATH%\gOEYMkgs\GwAQ.exe
- %HOMEPATH%\gOEYMkgs\TgcU.exe
- %HOMEPATH%\gOEYMkgs\aEYm.exe
- %HOMEPATH%\gOEYMkgs\NMEK.exe
- %HOMEPATH%\gOEYMkgs\EQIS.exe
- %HOMEPATH%\gOEYMkgs\tskK.exe
- %HOMEPATH%\gOEYMkgs\BIMY.exe
- %HOMEPATH%\gOEYMkgs\gMQe.exe
- %HOMEPATH%\gOEYMkgs\LUAi.exe
- %HOMEPATH%\gOEYMkgs\VUAu.exe
- %HOMEPATH%\gOEYMkgs\Asks.exe
- %HOMEPATH%\gOEYMkgs\TIgO.exe
- %HOMEPATH%\gOEYMkgs\okMm.exe
- %HOMEPATH%\gOEYMkgs\bgIc.exe
- %HOMEPATH%\gOEYMkgs\GIgu.exe
- %HOMEPATH%\gOEYMkgs\lskY.exe
- %HOMEPATH%\gOEYMkgs\NEcC.exe
- %HOMEPATH%\gOEYMkgs\cYoo.exe
- %HOMEPATH%\gOEYMkgs\NMcs.exe
- %HOMEPATH%\gOEYMkgs\PcoU.exe
- %HOMEPATH%\gOEYMkgs\xMcK.exe
- %HOMEPATH%\gOEYMkgs\PkQU.exe
- %HOMEPATH%\gOEYMkgs\vcMW.exe
- %HOMEPATH%\gOEYMkgs\MUQS.exe
- %HOMEPATH%\gOEYMkgs\OIAi.exe
- %HOMEPATH%\gOEYMkgs\WQIg.exe
Самоудаляется.
Сетевая активность:
Подключается к:
- '74.##5.232.51':80
TCP:
Запросы HTTP GET:
- http://google.com/ via 74.##5.232.51
- http:/// via 74.##5.232.51
UDP:
- DNS ASK google.com
Другое:
Ищет следующие окна:
- ClassName: '' WindowName: 'SSIkQYgQ.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: 'lacMcYws.exe'
