Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'aClcxFNjY.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '<Полный путь к вирусу>'
Вредоносные функции:
Для затруднения выявления своего присутствия в системе
блокирует:
- Средство контроля пользовательских учетных записей (UAC)
Изменения в файловой системе:
Создает следующие файлы:
- <DRIVERS>\NlECFs.exe
- <DRIVERS>\IHdoBCL.dll
- %WINDIR%\gHCyXAwtO.dll
- <SYSTEM32>\hjMHi.dll
- %WINDIR%\bfvSTdv.exe
- %WINDIR%\KnySxCd.exe
- <SYSTEM32>\nSQjJO.dll
- <SYSTEM32>\QtFtEc.dll
- <DRIVERS>\laTJKeh.exe
- <SYSTEM32>\noJsn.dll
- %WINDIR%\LeBBYW.exe
- <DRIVERS>\NLeRW.exe
- <SYSTEM32>\UndBNKMs.dll
- %WINDIR%\sqrRPY.dll
- <SYSTEM32>\enPbylwO.dll
- <SYSTEM32>\FgQLwYH.exe
- <SYSTEM32>\FqqSooyDW.exe
- <SYSTEM32>\CXButLfoy.exe
- <DRIVERS>\KHpGDdjg.dll
- <SYSTEM32>\tWYCSlIu.dll
- %WINDIR%\oxKOGkRGH.dll
- %WINDIR%\WlrmWoy.dll
- <DRIVERS>\mPDNIW.dll
- <SYSTEM32>\fkmDxcrSC.exe
- <SYSTEM32>\RLqleN.exe
- <DRIVERS>\tMhIRL.dll
- <DRIVERS>\aMxXnp.exe
- <SYSTEM32>\AVcSxKTh.exe
- <DRIVERS>\KmNMpAVJ.dll
- <DRIVERS>\aPtwP.exe
- %WINDIR%\dMVrq.dll
- <SYSTEM32>\rAIXnI.exe
- %WINDIR%\tHqEWUE.exe
- <SYSTEM32>\QCGxvU.dll
- <DRIVERS>\FvlcuLS.dll
- %WINDIR%\OeULy.dll
- %WINDIR%\GWhWib.exe
- %WINDIR%\OqaSbNL.dll
- <DRIVERS>\MakMgW.dll
- <SYSTEM32>\ONRxxLB.dll
- <DRIVERS>\kgKPRmg.dll
- <DRIVERS>\wlFydIrY.dll
- %WINDIR%\qsHjOP.exe
- %WINDIR%\NWbQBYpc.dll
- <SYSTEM32>\IBjIGfYFm.exe
- %WINDIR%\IhGUgnamF.exe
- <SYSTEM32>\tbIqet.dll
- <DRIVERS>\bXcPkWl.exe
- %WINDIR%\qbKOVMsu.dll
- %WINDIR%\yxsNPx.dll
- <DRIVERS>\bBJvtmasB.dll
- <DRIVERS>\xnarwf.dll
- %WINDIR%\CibwlOve.dll
- %WINDIR%\thVblrwJU.exe
- <DRIVERS>\ricEbIDGi.dll
- %WINDIR%\oFygsy.dll
- <SYSTEM32>\LCRYJbb.dll
- %WINDIR%\Vpcxsul.exe
- %WINDIR%\pPcUw.exe
- <DRIVERS>\lUrObHGme.exe
- <DRIVERS>\xdQWLOl.dll
- %WINDIR%\XkNxfLiC.dll
- <DRIVERS>\QgEwtVG.dll
- <DRIVERS>\xIbhDWe.exe
- <DRIVERS>\EwkEyDGG.dll
- <DRIVERS>\VcfsuPEA.exe
- %WINDIR%\wxahkt.exe
- <SYSTEM32>\PTdgna.exe
- %WINDIR%\DsJufVaAh.dll
- %WINDIR%\BQhnCTDg.dll
- %WINDIR%\iKvVG.dll
- %WINDIR%\lhdnXgSW.exe
- <SYSTEM32>\LfDlSH.dll
- <DRIVERS>\ALfkHd.exe
- <DRIVERS>\JpFQcyeY.dll
- <SYSTEM32>\gLgcP.dll
- <DRIVERS>\vOgSGPFo.dll
- <DRIVERS>\bmRPkXg.exe
- <DRIVERS>\bHPbD.dll
- %WINDIR%\jDTELldlU.exe
- %WINDIR%\apdwLIdy.exe
- <SYSTEM32>\agdnb.dll
- <SYSTEM32>\NCMFGycp.dll
- <DRIVERS>\mjmYHtptf.dll
- <DRIVERS>\XSjaOnoW.exe
- %WINDIR%\UNfSELxX.dll
- <DRIVERS>\vtcbjElDl.exe
- <DRIVERS>\iyRouii.dll
- <SYSTEM32>\wVWjIuNdO.dll
- <DRIVERS>\MjelGV.dll
- %WINDIR%\jqDQul.exe
- <SYSTEM32>\iaCANPv.exe
- <DRIVERS>\SXrePQI.dll
- <DRIVERS>\PykANtII.dll
- %WINDIR%\wLrDr.dll
- %WINDIR%\RCVFmQ.dll
- <SYSTEM32>\vecEcPOX.exe
- %WINDIR%\nkbKTDvfN.exe
- <DRIVERS>\TVlSdUP.dll
- %WINDIR%\RnPgmkOH.exe
- <DRIVERS>\LSXAhf.dll
- <DRIVERS>\EmiWm.exe
- %WINDIR%\RalXPCW.exe
- <SYSTEM32>\CIEcCi.dll
- <SYSTEM32>\XQBwRqcw.exe
- <SYSTEM32>\xqswMUf.exe
- %WINDIR%\HhpStMKI.dll
- <DRIVERS>\tfkncQ.exe
- %WINDIR%\LGrcAb.exe
- %WINDIR%\WIsDfTrT.dll
- %WINDIR%\ghUcJvq.exe
- <DRIVERS>\ISXAUoKj.exe
- %WINDIR%\TWfEaQ.exe
- <DRIVERS>\nbvSJwfwA.dll
- <DRIVERS>\wWRsFI.dll
- <DRIVERS>\upcvwANaH.dll
- %WINDIR%\HImgpfPq.dll
- <SYSTEM32>\cYDFUwW.exe
- %WINDIR%\MyONVaaTr.dll
- <SYSTEM32>\fsXJMVJY.dll
- <DRIVERS>\RKoqCYYh.dll
- <SYSTEM32>\mGFIadbC.dll
- <DRIVERS>\nBEtrC.exe
- <SYSTEM32>\hkdvGc.dll
- <DRIVERS>\UrhhbsEtU.dll
- <SYSTEM32>\mocnIO.exe
- <SYSTEM32>\gMFmAPiTs.dll
- %WINDIR%\FOUiCE.dll
- <SYSTEM32>\cUcquxwqO.exe
- <SYSTEM32>\uNudk.dll
- %WINDIR%\OiLkgK.exe
- <DRIVERS>\uOIrIAlu.dll
- <SYSTEM32>\ufYbtLbs.dll
- %WINDIR%\HDTUDkUig.dll
- %WINDIR%\cIOuHnT.exe
- %WINDIR%\VJqJN.dll
- %WINDIR%\aeoPoCs.exe
- %WINDIR%\dmMbQNBo.dll
- <SYSTEM32>\UYDdTCQa.dll
- %WINDIR%\cTvjcL.exe
- <SYSTEM32>\wKQjQXRKt.exe
- <DRIVERS>\RohcSECW.dll
- <DRIVERS>\jkUrn.exe
- <DRIVERS>\vyHMefrqk.dll
- <DRIVERS>\DYsujNlM.exe
- <SYSTEM32>\AHDmuqAY.exe
- <SYSTEM32>\JjGxXqMLq.dll
- <SYSTEM32>\EIPTDgVaE.exe
- <DRIVERS>\HiPRTARuy.exe
- %WINDIR%\doxNve.dll
- <DRIVERS>\hUCCmVwv.exe
- <SYSTEM32>\THPLc.dll
- %WINDIR%\oSvuL.dll
- <SYSTEM32>\wJuSn.dll
- <DRIVERS>\qkAyStGv.exe
- %WINDIR%\meqRyGiC.dll
- <SYSTEM32>\LcVyQo.exe
- <DRIVERS>\JSYQlEq.exe
- <DRIVERS>\IwqrB.exe
- %WINDIR%\TWiMIAD.dll
- <SYSTEM32>\cKcBSmG.dll
- <DRIVERS>\RqpUhtKq.dll
- %WINDIR%\DfVcM.exe
- <SYSTEM32>\BlSlwbmj.dll
- %WINDIR%\xlhrHRumX.exe
- %WINDIR%\vySkATCDu.exe
- <DRIVERS>\XsKKh.exe
- %WINDIR%\rAwXmbKvq.dll
- %WINDIR%\JlAeuY.dll
- <SYSTEM32>\NBfWM.dll
- %WINDIR%\BefrRMkB.exe
- %WINDIR%\YjcUPcLWq.dll
- <DRIVERS>\UAnvLby.exe
- <SYSTEM32>\IvrRDRIWH.dll
- %WINDIR%\rxqWIWab.dll
- %WINDIR%\KSdHrcsxl.exe
- <DRIVERS>\lnNJWuJ.exe
- <SYSTEM32>\tHWHbWuF.dll
- %WINDIR%\VnDgyUsk.dll
- <DRIVERS>\sFhHkV.exe
- <SYSTEM32>\acuSQhD.exe
- %WINDIR%\eatVBL.dll
- %WINDIR%\YdQXFVWs.exe
- <DRIVERS>\NbLXtaX.exe
- <SYSTEM32>\EjTYrPDL.dll
- <SYSTEM32>\pqGtMK.exe
- <DRIVERS>\uAlrs.exe
- <SYSTEM32>\oYkqcPqSR.dll
- <DRIVERS>\hjAMWq.exe
- <DRIVERS>\aAAPwrl.exe
- <DRIVERS>\TAlbhw.dll
- <SYSTEM32>\IXiNcp.exe
- <SYSTEM32>\TLClQv.dll
- %WINDIR%\MGdANESpM.dll
- <SYSTEM32>\XPSgB.exe
- %WINDIR%\TCqknr.dll
- <SYSTEM32>\oSXgJG.exe
- <DRIVERS>\VYSAJ.exe
- <SYSTEM32>\ybIvk.exe
- %WINDIR%\VITDgSMvR.exe
- <SYSTEM32>\Skmpf.exe
- %WINDIR%\aWQnMoG.dll
- %WINDIR%\rSoPebua.dll
- %WINDIR%\aqNmsWKja.dll
- <SYSTEM32>\fkWqiPCln.dll
- <SYSTEM32>\BEOhFEnB.dll
- %WINDIR%\DhJkAtcQl.dll
- <SYSTEM32>\MwURFF.exe
- <DRIVERS>\DwyxvcWt.dll
- <SYSTEM32>\AShYyH.exe
- <SYSTEM32>\RTtNc.exe
- <DRIVERS>\jYciGNCcF.exe
- <SYSTEM32>\cGjpNtPC.dll
- <DRIVERS>\kruQRNDb.dll
- %WINDIR%\StkxqN.dll
- %WINDIR%\jNNAGCPFU.exe
- %WINDIR%\OgkokKB.dll
- %WINDIR%\LNicLhe.exe
- <SYSTEM32>\SeGArR.exe
- <DRIVERS>\NHdesuWb.exe
- <SYSTEM32>\asquvj.dll
- %WINDIR%\lEaHj.dll
- %WINDIR%\gOPUGwv.exe
- <DRIVERS>\wgyvvk.exe
- <SYSTEM32>\TcfSuA.dll
- %WINDIR%\AYbSsWeJ.exe
- %WINDIR%\igWwnga.dll
- %WINDIR%\PkPsGLs.dll
- <DRIVERS>\AMOfuUe.dll
- <DRIVERS>\UEUBgI.exe
- <SYSTEM32>\pUbUk.dll
- <SYSTEM32>\QDQQgaCkT.exe
- <DRIVERS>\FujHPUT.dll
- <SYSTEM32>\RUorTRHEM.dll
- <SYSTEM32>\qRGfw.dll
- <DRIVERS>\eVdILcbh.exe
- <DRIVERS>\QeoMTY.dll
- <DRIVERS>\oMpoqXhsI.dll
- %WINDIR%\mqCUy.dll
- <DRIVERS>\ttRYsdyvb.dll
- %WINDIR%\cwMmKe.exe
- <DRIVERS>\wgrVu.dll
- <SYSTEM32>\RaOWV.dll
- <SYSTEM32>\YUkuN.exe
- <DRIVERS>\dHhsPYGfQ.dll
- <SYSTEM32>\iKPVYdU.exe
- <DRIVERS>\MTREWaQ.exe
- <DRIVERS>\NhCgui.exe
- %WINDIR%\FVIVG.dll
- %WINDIR%\baOat.dll
- <DRIVERS>\YXMqbusx.exe
- %WINDIR%\glnGM.dll
- <DRIVERS>\pnTQqjxB.exe
- <DRIVERS>\KLTGxsnko.exe
- <DRIVERS>\tFQrFNA.dll
- %WINDIR%\UwwVw.exe
- <DRIVERS>\vvlReWv.dll
- %WINDIR%\bWCJMxcCy.exe
- %WINDIR%\KbMnf.dll
- <SYSTEM32>\FBhBDHCC.dll
- <SYSTEM32>\CYDhEuyLp.dll
- %WINDIR%\qefRD.dll
- <SYSTEM32>\WlSDXOf.dll
- <DRIVERS>\ExCFAeJkX.dll
- <SYSTEM32>\ikkKuiLw.exe
- %WINDIR%\wPrenBsP.exe
- <SYSTEM32>\XlUXeO.dll
- %WINDIR%\rrdYeqNL.dll
- %WINDIR%\qtapvo.dll
- <DRIVERS>\tblqJ.exe
- <DRIVERS>\WQgWdBUrO.dll
- <DRIVERS>\WCsbC.dll
- <SYSTEM32>\jlQGAUfx.dll
- %WINDIR%\CJfYjoj.exe
- <SYSTEM32>\UHdVWjvqx.exe
- %WINDIR%\nuQSyEks.exe
- <DRIVERS>\hhuOijxB.exe
- <DRIVERS>\xgaeggHH.exe
- <DRIVERS>\strSijMr.exe
- <DRIVERS>\uDBkMRyj.exe
- <SYSTEM32>\xXKKv.dll
- <SYSTEM32>\HjIVBvOCL.exe
- %WINDIR%\LEteAIa.dll
- <SYSTEM32>\kwnoWQW.exe
- <SYSTEM32>\kqUVpeO.exe
- %WINDIR%\qvaoic.exe
- %WINDIR%\aiMRVpX.exe
- <SYSTEM32>\NcTmy.dll
- <SYSTEM32>\UPeRrOfVE.exe
- <SYSTEM32>\ngxnJCrL.dll
- <DRIVERS>\dmeDIwL.dll
- %WINDIR%\FsDxPAEM.exe
- %WINDIR%\VaeJi.exe
- <DRIVERS>\mrpLnayv.dll
- %WINDIR%\UscAVAqm.dll
- %WINDIR%\NQtqapl.dll
- <DRIVERS>\vnbwLTG.exe
- <DRIVERS>\gSGdy.dll
- <DRIVERS>\hSHFAssdn.dll
- %WINDIR%\BLKtl.exe
- %WINDIR%\fRkFysm.exe
- <DRIVERS>\PhKbcqVh.exe
- <SYSTEM32>\LdmDgk.dll
- <DRIVERS>\WjRxW.dll
- %WINDIR%\vrLVwMavo.exe
- <DRIVERS>\SJnRs.dll
- <SYSTEM32>\kWgIXqcpd.exe
- <SYSTEM32>\fCPWHV.dll
- %WINDIR%\MfNGruB.dll
- <DRIVERS>\CAkExEw.dll
- %WINDIR%\KphNjOaFH.dll
- <SYSTEM32>\UuwKYgS.dll
- <SYSTEM32>\PwuhB.exe
- %WINDIR%\bPaVhAOc.dll
- <DRIVERS>\cylOQIl.dll
- <DRIVERS>\lesawkU.exe
- <SYSTEM32>\RTsUuoht.dll
- <DRIVERS>\XHnCfKM.exe
- %WINDIR%\RcKQkj.exe
- %WINDIR%\LyvhCbsc.exe
- <SYSTEM32>\PMMeD.dll
- <SYSTEM32>\piprl.exe
- %WINDIR%\rDXargGy.exe
- <DRIVERS>\TguWq.dll
- %WINDIR%\VnJtY.exe
- <SYSTEM32>\UBwAY.dll
- <DRIVERS>\CBLWL.dll
- %WINDIR%\FyLrSryJ.dll
- <DRIVERS>\bTPbjevcy.dll
- <DRIVERS>\OThkVvU.exe
- <SYSTEM32>\MVyIqCi.dll
- <DRIVERS>\lWoDniu.exe
- <SYSTEM32>\KxuMWIr.dll
- <SYSTEM32>\xcfGbNnBu.dll
- <SYSTEM32>\TasCpV.dll
- %WINDIR%\YCpDFnw.exe
- %WINDIR%\Tgscf.dll
- %WINDIR%\lqKYDrflk.exe
- <DRIVERS>\LsLUHs.dll
- <DRIVERS>\gPjkTEJw.exe
- <SYSTEM32>\VOOahHT.dll
- %WINDIR%\DAOYeYR.exe
- <SYSTEM32>\apUTiDM.exe
- %WINDIR%\uEojliOIt.dll
- %WINDIR%\GAngE.dll
- <SYSTEM32>\TCFcrOAd.exe
- <DRIVERS>\kwKriOEqS.exe
- <DRIVERS>\xrQDbkoB.exe
- <DRIVERS>\njENM.dll
- <SYSTEM32>\JVbJoNO.exe
- <DRIVERS>\EBWbAmF.dll
- <DRIVERS>\emhYfEAM.dll
- <DRIVERS>\wuIdLys.exe
- <DRIVERS>\BAtMyFL.dll
- %WINDIR%\qfpxF.dll
- <DRIVERS>\jjyJbJTh.exe
- <DRIVERS>\tKiqQD.exe
- <DRIVERS>\gyBGIEea.exe
- <SYSTEM32>\DlBgWqWVi.dll
- <SYSTEM32>\IgUyDrb.exe
- <SYSTEM32>\NIOMDf.dll
- <SYSTEM32>\fwTipq.exe
- <DRIVERS>\iNvNC.exe
- <DRIVERS>\VxnyW.exe
- <DRIVERS>\MsQtiQ.dll
- <SYSTEM32>\BSLFLb.dll
- %WINDIR%\XxCWBR.dll
- <SYSTEM32>\BaveySQk.exe
- <DRIVERS>\Cuvpuuks.exe
- <DRIVERS>\KPgydOcXQ.dll
- %WINDIR%\orvYLrMg.exe
- <DRIVERS>\VdjIHOXBA.exe
- <SYSTEM32>\gvxreTPRR.exe
- %WINDIR%\VleuvBhO.dll
- <SYSTEM32>\oigkgYo.exe
- <DRIVERS>\WVavf.dll
- <SYSTEM32>\TOKYdt.dll
- <SYSTEM32>\gmuGFRUQV.dll
- %WINDIR%\bDsxIj.exe
- <DRIVERS>\iTErwyJ.dll
- <SYSTEM32>\AVEcgPYoY.exe
- <SYSTEM32>\NugUtbAp.dll
- <DRIVERS>\NEyNFFd.dll
- <DRIVERS>\AHHRUI.dll
- <DRIVERS>\tpdpK.dll
- <DRIVERS>\NagnWiv.dll
- <SYSTEM32>\mHgbjGvdt.exe
- %WINDIR%\rQhRBPLo.exe
- <DRIVERS>\bBjWTiuU.exe
- <DRIVERS>\GUBVnOwKb.dll
- %WINDIR%\qpqbMl.exe
- %WINDIR%\LmlOJy.dll
- %WINDIR%\YASWIrcTN.dll
- %WINDIR%\ElRib.exe
- %WINDIR%\cnlMMH.dll
- <DRIVERS>\xSyAOCQ.dll
- %WINDIR%\SxVSlDA.exe
- %WINDIR%\FQcAt.exe
- <DRIVERS>\nokmrbuC.exe
- <SYSTEM32>\auBRamttT.exe
- <SYSTEM32>\EnxJjfM.exe
- <SYSTEM32>\ryRTIwI.exe
- <SYSTEM32>\wBSPlonMk.exe
- <DRIVERS>\eDcMQL.exe
- %WINDIR%\trsgFQUP.exe
- %WINDIR%\oOtifkKfv.dll
- <SYSTEM32>\sUJxA.dll
- <DRIVERS>\POmRYHIJx.exe
- %WINDIR%\MBRqPjHMd.dll
- <DRIVERS>\bqLmpX.dll
- <SYSTEM32>\JahkJk.dll
- %WINDIR%\EXNRoau.dll
- <DRIVERS>\PtQveIUEG.exe
- <DRIVERS>\FqAhdl.exe
- <SYSTEM32>\XcPWKAD.dll
- <DRIVERS>\LAfjrEvec.exe
- <SYSTEM32>\RFPPVN.dll
- <DRIVERS>\cMDspOM.dll
- %WINDIR%\IaOwxOfk.dll
- <DRIVERS>\FpYCrwMb.dll
- %WINDIR%\pMlQr.exe
- %WINDIR%\wecyRWEog.dll
- %WINDIR%\NdRXmE.dll
- <SYSTEM32>\AVIBmGR.dll
- %WINDIR%\anVlvKi.exe
- <DRIVERS>\pQGyrLxCl.exe
- <SYSTEM32>\fnImkB.exe
- %WINDIR%\AqulGJCbl.exe
- <SYSTEM32>\UgMJkpSg.dll
- %WINDIR%\jsusCLYh.dll
- <SYSTEM32>\hcCvl.exe
- <SYSTEM32>\GhyicldHj.exe
- <SYSTEM32>\lWKrDx.exe
- <DRIVERS>\FFlTjh.exe
- <DRIVERS>\tCfBT.dll
- %WINDIR%\jSPty.exe
- <SYSTEM32>\ovOtyqEsS.dll
- %WINDIR%\OgIMTtaG.exe
- %WINDIR%\XirOWr.exe
- <DRIVERS>\NWwWxUm.dll
- <SYSTEM32>\YbgpMGN.exe
- <SYSTEM32>\cTpvQe.exe
- <SYSTEM32>\GrIHY.dll
- <SYSTEM32>\aeaTTrD.dll
- <DRIVERS>\PkAYOSYb.dll
- <SYSTEM32>\bDbOnHF.dll
- <SYSTEM32>\cphjx.exe
- <DRIVERS>\tfVAWyw.exe
- <SYSTEM32>\ljgwJoE.exe
- %WINDIR%\SYyYOIAc.exe
- <DRIVERS>\dVeiqtWI.dll
- <SYSTEM32>\wuDfQ.dll
- %WINDIR%\xMnupGa.dll
- <SYSTEM32>\ejYhgvo.exe
- <SYSTEM32>\oqpNQLsl.exe
- %WINDIR%\vXeSjFM.exe
- <DRIVERS>\DYaFXCTJ.dll
- <DRIVERS>\yNYyWjjp.exe
- <SYSTEM32>\jkTlwqc.dll
- <DRIVERS>\rhkueIp.exe
- %WINDIR%\WCKFfrm.exe
- %WINDIR%\OORxv.dll
- <SYSTEM32>\QbOTvA.exe
- <SYSTEM32>\aiVCpfFE.dll
- <DRIVERS>\MPUhFV.exe
- <DRIVERS>\HqEev.exe
- <SYSTEM32>\aClcxFNjY.dll
- %TEMP%\HTMLayout.dll
- <DRIVERS>\fIbmP.dll
- <DRIVERS>\liFdKmyS.dll
- <DRIVERS>\EFRjypYLt.dll
- %WINDIR%\thkiktnK.dll
- <DRIVERS>\fomULc.dll
- %WINDIR%\xFnSVXLdo.dll
- %WINDIR%\khWboO.exe
- <SYSTEM32>\aemDWXuRk.exe
- <DRIVERS>\iiTUNrSj.exe
- %WINDIR%\CLwSXRIAs.exe
- <DRIVERS>\uRmNg.exe
- %WINDIR%\nSuAMEOBI.dll
- <DRIVERS>\yHghtoKXD.dll
- <DRIVERS>\FqQHUNus.dll
- <SYSTEM32>\EaBvfcxt.dll
- <DRIVERS>\wrNRxLowo.dll
- <SYSTEM32>\pHpNCXtxU.exe
- %WINDIR%\IOCbABn.dll
- <SYSTEM32>\AcBjxyI.exe
- %WINDIR%\KDVjSDPNh.exe
- <SYSTEM32>\PfMgbQB.dll
- <DRIVERS>\gJLegMOft.dll
- %WINDIR%\qpjgAP.dll
- <DRIVERS>\cNoNMSYl.exe
- <DRIVERS>\rnncrKre.exe
- <SYSTEM32>\Ulmwiyjo.exe
- <DRIVERS>\QKwwdKvdu.exe
- <DRIVERS>\jEoFU.dll
- %WINDIR%\JtNXlGxPj.exe
- <DRIVERS>\YpFlb.exe
- %WINDIR%\TTqEj.dll
- %WINDIR%\xiYEVbXP.exe
- <SYSTEM32>\jDMFAbTg.dll
- <SYSTEM32>\cPElNtV.exe
- <DRIVERS>\jqYCyBHS.exe
- %WINDIR%\GbPMRE.exe
- %WINDIR%\nWMbhs.dll
- <DRIVERS>\gQwHcYe.dll
- %WINDIR%\MJJViaPfh.exe
- %WINDIR%\lRCFXO.exe
- <SYSTEM32>\IFjKi.dll
- <DRIVERS>\QNEiX.exe
- <SYSTEM32>\bKLwBbBDD.exe
- <SYSTEM32>\EioBEkree.exe
- <SYSTEM32>\EpSNoxI.exe
- <SYSTEM32>\nPIESCxGW.dll
- %WINDIR%\WuOSCC.exe
- %WINDIR%\xIAGnWO.exe
- %WINDIR%\gghykwUbe.dll
- <SYSTEM32>\RCHuEPls.dll
- <SYSTEM32>\FnNnwrR.dll
- %WINDIR%\sGcDSH.dll
- %WINDIR%\RXWtBW.exe
- %WINDIR%\HVENGql.exe
- %WINDIR%\VFNeRTBCQ.dll
- %WINDIR%\QYAvPwdOo.dll
- <DRIVERS>\JFUcwmuE.dll
- %WINDIR%\RIgxwLT.exe
- <SYSTEM32>\kINCF.dll
- <DRIVERS>\ibajFakK.dll
- %WINDIR%\VCqgmFW.exe
- %WINDIR%\HtcDBmL.exe
- %WINDIR%\lMrSLqht.dll
- <SYSTEM32>\NfiVxudq.exe
- %WINDIR%\YmKcpYitt.dll
- %WINDIR%\OcBOuXHUC.dll
- <SYSTEM32>\XPPiR.dll
- <DRIVERS>\ludJe.dll
- %WINDIR%\XbqVG.exe
- %WINDIR%\efjyCUdBo.exe
- %WINDIR%\liDfPopi.dll
- <SYSTEM32>\vyrQjKT.dll
- %WINDIR%\pmbDBwpQU.exe
- <DRIVERS>\SDiaSutw.dll
- <SYSTEM32>\MddVvw.dll
- <DRIVERS>\LQUOHawO.dll
- <DRIVERS>\rSMLiJhKa.dll
- <DRIVERS>\wkDuQVa.exe
- %WINDIR%\aPNLKNdpl.exe
- <SYSTEM32>\ApvVG.dll
- <SYSTEM32>\wxpqAgL.exe
- <DRIVERS>\DcVgXmfJn.exe
- <SYSTEM32>\uwgPPnm.exe
- %WINDIR%\nofUpjp.exe
- %WINDIR%\AiRRAYO.dll
- <SYSTEM32>\MYAhI.exe
- <SYSTEM32>\YtVLfEvF.dll
- %WINDIR%\EPawm.dll
- %WINDIR%\iYPvAgpGQ.exe
- <SYSTEM32>\rXnMLLTx.dll
- <SYSTEM32>\cgXBXNrK.dll
- <SYSTEM32>\iBgNVWQx.exe
- %WINDIR%\xVODB.dll
- <SYSTEM32>\XVudlsPAt.exe
- <DRIVERS>\iuOFTBpod.exe
- <DRIVERS>\NmYPBEJxG.dll
- <DRIVERS>\dHyedEUb.exe
- %WINDIR%\sHqoa.dll
- <DRIVERS>\faFct.dll
- <SYSTEM32>\EQJdmvkG.dll
- <DRIVERS>\RTFDm.dll
- <DRIVERS>\MuljxFdh.exe
- <DRIVERS>\ciuAKkfd.exe
- <SYSTEM32>\PLJDcC.dll
- <DRIVERS>\dpvyfT.exe
- %WINDIR%\lbIWQUI.exe
- <SYSTEM32>\EIdioQ.exe
- <DRIVERS>\bFysql.dll
- %WINDIR%\NGJPMHGJ.dll
- <SYSTEM32>\iaffdp.dll
- %WINDIR%\Ksgqkr.exe
- <DRIVERS>\rSNRw.dll
- %WINDIR%\IarbItSK.dll
- <SYSTEM32>\wJgPMwLa.dll
- <SYSTEM32>\CgVestB.exe
- <SYSTEM32>\QWFvyl.exe
- <SYSTEM32>\qTkIdyvAT.exe
- <SYSTEM32>\TvYvLf.dll
- %WINDIR%\diCxxyKb.dll
- %WINDIR%\WYxbYRncc.exe
- <SYSTEM32>\qxsygCv.dll
- %WINDIR%\lpumxl.exe
- <SYSTEM32>\gQtnWq.dll
- %WINDIR%\sLWxOoxjq.exe
- <SYSTEM32>\puEvIgBEM.exe
- %WINDIR%\twirniJ.exe
- %WINDIR%\iMmTLPoY.dll
- <SYSTEM32>\kbKpkEflB.dll
- <DRIVERS>\qLEwk.exe
- %WINDIR%\abTimtx.dll
- %WINDIR%\KHYFfm.exe
- %WINDIR%\FOwWq.exe
- <SYSTEM32>\VxCqx.dll
- <DRIVERS>\TAcHDh.dll
- %WINDIR%\gQgTqGW.dll
- <SYSTEM32>\ELlgDm.dll
- <DRIVERS>\AXLPX.exe
- <DRIVERS>\mdYCbg.dll
- %WINDIR%\BCKMpgL.dll
- %WINDIR%\dSMDY.dll
- <SYSTEM32>\escoleXv.exe
- %WINDIR%\QogGWsD.exe
- <DRIVERS>\cIjqdQWh.exe
- <DRIVERS>\EjSTtU.exe
- %WINDIR%\ofiRnP.exe
- <DRIVERS>\PhkJeASwo.dll
- %WINDIR%\IiMGJ.exe
- %WINDIR%\RjJoaui.exe
- %WINDIR%\TyfHH.dll
- <DRIVERS>\TcGVangsK.exe
- %WINDIR%\inECd.exe
- <DRIVERS>\lpvebEic.exe
- <DRIVERS>\oSjyS.exe
- <SYSTEM32>\PcwEm.exe
- <DRIVERS>\rXecre.dll
- <SYSTEM32>\omJHyi.dll
- <SYSTEM32>\RjfCpNj.exe
- <DRIVERS>\knkFh.dll
- <DRIVERS>\cUtbWQ.exe
- <DRIVERS>\XeCKN.exe
- %WINDIR%\kVspsl.exe
- <DRIVERS>\CNOdklh.dll
- %WINDIR%\yKBPpXh.exe
- <DRIVERS>\BNqFoXxyv.dll
- %WINDIR%\tyWYY.dll
- %WINDIR%\QvusAirt.dll
- %WINDIR%\UTPkkA.exe
- %WINDIR%\sTnqqD.exe
- <SYSTEM32>\oXubQmAD.exe
- %WINDIR%\kTeFTg.dll
- <DRIVERS>\ASRybeca.exe
- %WINDIR%\sdtfTREjS.exe
- %WINDIR%\dLfFWKP.exe
- <SYSTEM32>\NhKFgTBXm.dll
- <SYSTEM32>\JUyrbUXFw.exe
- %WINDIR%\cexdvnya.exe
- <SYSTEM32>\WUlfubU.exe
- %WINDIR%\BsSaOg.exe
- <DRIVERS>\qOCoABpyr.exe
- <SYSTEM32>\EVXRob.dll
- <DRIVERS>\bLsGo.dll
- <DRIVERS>\nBNtu.exe
- <DRIVERS>\KtGyBnJ.dll
- <DRIVERS>\eOUMsa.exe
- <DRIVERS>\GEqOBDRR.dll
- <DRIVERS>\DyNJiu.exe
- <DRIVERS>\gWKhJva.dll
- <DRIVERS>\ENOFpv.dll
- <SYSTEM32>\uVQCXCCn.exe
- <DRIVERS>\bWbbb.exe
- %WINDIR%\CdqadX.exe
- <SYSTEM32>\UgPNvVK.dll
- %WINDIR%\mjNMb.dll
- %WINDIR%\OGgPof.dll
- <DRIVERS>\QJAFXILJx.exe
- %WINDIR%\BSCeh.exe
- %WINDIR%\KmEpr.exe
- <DRIVERS>\EbXGhe.exe
- <SYSTEM32>\FTJNockC.exe
- %WINDIR%\GPuiG.dll
- %WINDIR%\nsApvlP.dll
- <SYSTEM32>\xuqGkjC.dll
- %WINDIR%\rssnxhcQq.exe
- <DRIVERS>\ibLHM.exe
- <DRIVERS>\LICRp.dll
- <SYSTEM32>\hKSCrOqn.dll
- <DRIVERS>\kaWOJ.exe
- %WINDIR%\cDNleOHL.exe
- <SYSTEM32>\DCyykubwr.exe
- <DRIVERS>\TQOKVRU.dll
- <SYSTEM32>\YIgVBLPi.exe
- %WINDIR%\yEAKMSI.exe
- <SYSTEM32>\pyCliqKXv.exe
- %WINDIR%\GGuYRHe.exe
- %WINDIR%\rpIEpAhga.dll
- <SYSTEM32>\GGUhAD.exe
- <SYSTEM32>\tvkQp.exe
- %WINDIR%\FRSauQ.dll
- %WINDIR%\TPEhJT.exe
- <DRIVERS>\sgwPSTSJ.exe
- <SYSTEM32>\xRMKPiTVE.dll
- <DRIVERS>\jyhrrO.exe
- <DRIVERS>\cIPFgTnRg.exe
- <DRIVERS>\DNdfQ.dll
- %WINDIR%\hHtwM.dll
- %WINDIR%\GSkGSttu.dll
- <SYSTEM32>\OOORH.exe
- %WINDIR%\hQrLj.exe
- <SYSTEM32>\nyXKCa.exe
- %WINDIR%\ElobF.exe
- <DRIVERS>\vqJtqQKNe.exe
- <DRIVERS>\KFsOUJ.dll
- <SYSTEM32>\sqjid.exe
- %WINDIR%\FkkLWLak.exe
Сетевая активность:
Подключается к:
- 'www.bo##eav.com':80
TCP:
Запросы HTTP GET:
- www.bo##eav.com/protection/?i=##################################################################################################################################
UDP:
- DNS ASK www.bo##eav.com
Другое:
Ищет следующие окна:
- ClassName: 'Shell_TrayWnd' WindowName: ''
