Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Runservices] 'services' = '%WINDIR%\services.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Run' = '%WINDIR%\services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices] 'services' = '%WINDIR%\services.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'services' = '%WINDIR%\services.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'services' = '%WINDIR%\services.exe'
Создает или изменяет следующие файлы:
- %HOMEPATH%\Start Menu\Programs\Startup\inqedoruang232.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\zhiekrxeng.exe
Вредоносные функции:
Создает и запускает на исполнение:
- '%WINDIR%\services.exe'
Изменения в файловой системе:
Создает следующие файлы:
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\xpinstall\nrishi446.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\passwordmgr\muowuiang.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\satchel\ancsi649.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\preferences\oyuduengong739.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\profile\uanoszirchi.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\update\enguanwfv.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\jsvzeniang.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\riuangnkcsx248.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\uanuanlhvov.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\xbl-marquee\sicqing.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\res\ciwuq.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\yunyumkb816.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\plugins\iangudujwshi781.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\alerts\rieuan406.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\bindings\uangiiong.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\cpow\yuiangrh481.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\yuanwtac893.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\cookie\ianyiwkgyd229.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\uensmfdri.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\downloads\zhichibf884.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\extensions\yodziwu227.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\handling\inenm.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\svg\singci948.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\xml\angxngkri.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\mozapps\uanzhitymo496.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\alerts\xurzingyun605.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\passwordmgr\wvxhuanen.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\places\ianuennrqe931.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\plugins\shiianszf851.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\downloads\ianuanjiai.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\extensions\yianmr.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\handling\dtbsiian.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\xpinstall\uengziz656.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\gchiri659.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\alerts\zhiricbgns269.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\profile\anzihozoi821.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\update\ciaen56.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\viewsource\sisci616.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\mozapps\uanuandfpu.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\dirListing\chiuanl.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\cichic50.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\media\anrqbjzi.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\engyuapujj.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\checkbox\jljinong320.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\console\ingvan662.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\uangzhix.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\toolbar\uenglrxpuen.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\tree\riyrxagyu.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\printpreview\ziydanri.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\radio\uanuin850.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\scrollbar\zhikazhi258.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\cookie\jjwzieng.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\ueniitiang560.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\dom\inoruen.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\vpnfhyuning990.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\alerts\ingcykchi882.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\autoconfig\mwwuenuen.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\svg\btackianyun152.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\xml\elqmyiuan391.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\xpinstall\wuzhaan329.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\layout\mlshien.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\search\engidkeng632.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\security\angitxan.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser-region\uengshiuncdv.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\branding\dkiianchi297.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\wuwuyeh.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\downloads\zhiuenghv.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\communicator\chiiangtiiu872.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\ongcsetueng.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\iangbejbuan.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\preferences\uenguengam491.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\safebrowsing\ziden.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\sidebar\ciueneng.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\feeds\bzien719.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\migration\ffrbvuanyun.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\browser\places\jvcqiangian.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global\xslt\dyiiang178.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\pipnss\antgaviyi201.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\pippki\uenflsmxen.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\places\yiyuncwoh119.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\xpinstall\llianuan403.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\necko\ianktvaawu637.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\passwordmgr\ibtenguan.exe
- %PROGRAM_FILES%\FireFox\chrome\pippki\content\yienbuodw.exe
- %PROGRAM_FILES%\FireFox\chrome\pippki\content\pippki\xhksiing997.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\uenlcfrguan.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\services\yqxbhiongang799.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\feedback\yungri962.exe
- %PROGRAM_FILES%\FireFox\chrome\pippki\iongatri614.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\update\engsiemc.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global-platform\win\yisit.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global-region\uanenoohy.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\ianwmuen833.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global-platform\shiqeeing.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global-platform\mac\yuniny725.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\global-platform\unix\ionggkepwchi.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\plugins\ongyutnx169.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\preferences\zhizhivazrd.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\profile\anguanlw332.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\downloads\qyuueng.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\extensions\uwqmoyunyun.exe
- %PROGRAM_FILES%\FireFox\chrome\en-US\locale\en-US\mozapps\handling\uusingsi962.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\rxfuaniang.exe
- %PROGRAM_FILES%\MSN\iningtrl808.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\nwrinuan3.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\uenibxci198.exe
- %PROGRAM_FILES%\MSBuild\Microsoft\Windows Workflow Foundation\bhlaongueng.exe
- %PROGRAM_FILES%\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\yuruan.exe
- %PROGRAM_FILES%\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\riinghhx.exe
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\inengg520.exe
- %PROGRAM_FILES%\NetMeeting\bqfyshien.exe
- %PROGRAM_FILES%\Online Services\angiang.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\MSN9Components\sciing.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\yiongwcclf.exe
- %PROGRAM_FILES%\MSN Gaming Zone\oguenuen754.exe
- %PROGRAM_FILES%\MSBuild\Microsoft\ianbepiri648.exe
- %PROGRAM_FILES%\microsoft frontpage\version3.0\bin\anguena.exe
- %PROGRAM_FILES%\Microsoft.NET\riuangzyaz771.exe
- %PROGRAM_FILES%\Microsoft.NET\RedistList\engnrzi599.exe
- %PROGRAM_FILES%\Messenger\uengyisian154.exe
- %PROGRAM_FILES%\microsoft frontpage\uanongoipr478.exe
- %PROGRAM_FILES%\microsoft frontpage\version3.0\yiyyqqzhi.exe
- %PROGRAM_FILES%\Movie Maker\Shared\shiuengtt951.exe
- %PROGRAM_FILES%\Movie Maker\Shared\Profiles\anguaneltbj.exe
- %PROGRAM_FILES%\MSBuild\uanuanh.exe
- %PROGRAM_FILES%\Movie Maker\yivrdxnong804.exe
- %PROGRAM_FILES%\Movie Maker\MUI\chiiongf337.exe
- %PROGRAM_FILES%\Movie Maker\MUI\0409\yirinlz.exe
- %PROGRAM_FILES%\Outlook Express\kmyuyi.exe
- %PROGRAM_FILES%\Windows NT\Pinball\inuanivx.exe
- %PROGRAM_FILES%\xerox\uengmczi.exe
- %PROGRAM_FILES%\xerox\nwwia\rilkaygan266.exe
- %PROGRAM_FILES%\Windows Media Player\Visualizations\nchciwu.exe
- %PROGRAM_FILES%\Windows NT\englian784.exe
- %PROGRAM_FILES%\Windows NT\Accessories\uanengm687.exe
- %WINDIR%\Config\iangguan896.exe
- %WINDIR%\Connection Wizard\ianengv.exe
- %WINDIR%\Cursors\chiyunmyki.exe
- %WINDIR%\uanhfzi390.exe
- %WINDIR%\addins\yiiwuan.exe
- %WINDIR%\AppPatch\inongitpm.exe
- %PROGRAM_FILES%\Windows Media Player\Skins\qgpziin857.exe
- %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.0\uanwfviang.exe
- %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\uengqytlyu.exe
- %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\skxranguen.exe
- %PROGRAM_FILES%\Reference Assemblies\zhiiurkiang.exe
- %PROGRAM_FILES%\Reference Assemblies\Microsoft\uenguci39.exe
- %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\dpriri444.exe
- %PROGRAM_FILES%\Windows Media Player\yunxbian808.exe
- %PROGRAM_FILES%\Windows Media Player\Icons\nsuenueng.exe
- %PROGRAM_FILES%\Windows Media Player\Sample Playlists\uanuangzlyra.exe
- %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.5\yuwuijdc124.exe
- %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\aingyun.exe
- %PROGRAM_FILES%\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\yoranshi370.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\places\cimcci62.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\plugins\wuangs402.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\profile\gepkmangang.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\extensions\yunoyi252.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\handling\zznrryuyi412.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\passwordmgr\vxexfciwu187.exe
- %PROGRAM_FILES%\FireFox\components\ensang490.exe
- %PROGRAM_FILES%\FireFox\defaults\suangong16.exe
- %PROGRAM_FILES%\FireFox\defaults\autoconfig\ooatuengueng546.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\update\zryyunyun.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\viewsource\xszhiiong428.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\xpinstall\engkzhi.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\downloads\yujqen.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\icons\shisifxefm.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\media\nnciwensi.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\printpreview\riongzsf.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\checkbox\yuenggfbwa.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\console\onguenriku.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\dirListing\yunuengwfxn.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\toolbar\inguanwtwk.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\tree\sronguan665.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\mozapps\rssmuanci540.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\radio\angongtwr.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\scrollbar\ciwlcuing99.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\splitter\riofuang.exe
- %PROGRAM_FILES%\FireFox\defaults\pref\brbwushi998.exe
- %PROGRAM_FILES%\FireFox\res\html\shiziafj855.exe
- %PROGRAM_FILES%\FireFox\searchplugins\crian.exe
- %PROGRAM_FILES%\FireFox\uninstall\enqjoong.exe
- %PROGRAM_FILES%\FireFox\res\dtd\wushiwobvy.exe
- %PROGRAM_FILES%\FireFox\res\entityTables\chihknbiian223.exe
- %PROGRAM_FILES%\FireFox\res\fonts\uanxri209.exe
- %PROGRAM_FILES%\Internet Explorer\MUI\0409\inuancnjs.exe
- %PROGRAM_FILES%\Internet Explorer\PLUGINS\hinuan398.exe
- %PROGRAM_FILES%\Internet Explorer\SIGNUP\yuendic.exe
- %PROGRAM_FILES%\Internet Explorer\yichigcgqh.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\lwuyu436.exe
- %PROGRAM_FILES%\Internet Explorer\MUI\ianeng452.exe
- %PROGRAM_FILES%\FireFox\res\engzhip.exe
- %PROGRAM_FILES%\FireFox\extensions\qluanyun487.exe
- %PROGRAM_FILES%\FireFox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\nfiongiang.exe
- %PROGRAM_FILES%\FireFox\modules\uanwufeeg.exe
- %PROGRAM_FILES%\FireFox\defaults\profile\ianchibkcuk803.exe
- %PROGRAM_FILES%\FireFox\defaults\profile\chrome\lgzxnriri488.exe
- %PROGRAM_FILES%\FireFox\dictionaries\ygetiziueng.exe
- %PROGRAM_FILES%\FireFox\modules\services-sync\ext\byunian.exe
- %PROGRAM_FILES%\FireFox\modules\tabview\xpdcuenwu513.exe
- %PROGRAM_FILES%\FireFox\plugins\yuangrrt285.exe
- %PROGRAM_FILES%\FireFox\modules\services-crypto\ciuanqop.exe
- %PROGRAM_FILES%\FireFox\modules\services-sync\nmengong.exe
- %PROGRAM_FILES%\FireFox\modules\services-sync\engines\cpmtrian285.exe
- C:\Far2\Plugins\Colorer\hrd\console\zhichih595.exe
- C:\Far2\Plugins\Colorer\hrd\console\contrib\uanpctvuan.exe
- C:\Far2\Plugins\Compare\hanian.exe
- C:\Far2\Plugins\Colorer\hrc\auto\uenbfeng535.exe
- C:\Far2\Plugins\Colorer\hrc\auto\types\ianguenalrpj.exe
- C:\Far2\Plugins\Colorer\hrd\infageng807.exe
- C:\Far2\Plugins\ExtSearch\ziinl.exe
- C:\Far2\Plugins\ExtSearch\doc\chicipenza781.exe
- C:\Far2\Plugins\ExtSearch\keys\yiven666.exe
- C:\Far2\Plugins\DrawLine\ongyuuvus.exe
- C:\Far2\Plugins\EditCase\delianuang913.exe
- C:\Far2\Plugins\EMenu\uanlci305.exe
- C:\Far2\Plugins\Colorer\hrc\lzdxxanian309.exe
- C:\Far2\FExcept\yzdquanzhi665.exe
- C:\Far2\Plugins\iongqtian.exe
- C:\Far2\Plugins\7-Zip\yuongs.exe
- C:\Far2\Documentation\eng\uangengeuxh.exe
- C:\Far2\Documentation\rus\ridsgiong.exe
- C:\Far2\Encyclopedia\hjslpsiyi.exe
- C:\Far2\Plugins\Brackets\igecianin840.exe
- C:\Far2\Plugins\Colorer\zidlubjan.exe
- C:\Far2\Plugins\Colorer\bin\ncyuniong.exe
- C:\Far2\Plugins\Align\ttqywuing407.exe
- C:\Far2\Plugins\arclite\nsggnuangan422.exe
- C:\Far2\Plugins\AutoWrap\yiendbaim.exe
- C:\Far2\Plugins\ExtSearch\sources\dwsnyiueng.exe
- C:\Far2\Plugins\WinSCP\fari\cdyunuan.exe
- C:\Far2\Plugins\WinSCP\filezilla\irqjnyuzhi831.exe
- C:\Far2\Plugins\WinSCP\filezilla\misc\anegqvang88.exe
- C:\Far2\Plugins\WinSCP\core\ezfgengchi.exe
- C:\Far2\Plugins\WinSCP\dragext\angyunmiw.exe
- C:\Far2\Plugins\WinSCP\far\uanglri226.exe
- C:\Far2\Plugins\WinSCP\packages\dragndrop\iongeen.exe
- C:\Far2\Plugins\WinSCP\packages\filemng\ziubzi.exe
- C:\Far2\Plugins\WinSCP\packages\my\uenchidq201.exe
- C:\Far2\Plugins\WinSCP\forms\yzongeng.exe
- C:\Far2\Plugins\WinSCP\lib\ingyufbmh682.exe
- C:\Far2\Plugins\WinSCP\packages\wmruengan.exe
- C:\Far2\Plugins\WinSCP\console\zhiigsjkyu.exe
- C:\Far2\Plugins\FTP\jubyunin361.exe
- C:\Far2\Plugins\FTP\lib\wuenn.exe
- C:\Far2\Plugins\HlfViewer\uengpywu.exe
- C:\Far2\Plugins\ExtSearch\sources\RegExp\yunhxqang.exe
- C:\Far2\Plugins\FarCmds\ianuanymmal936.exe
- C:\Far2\Plugins\FileCase\chiuanems.exe
- C:\Far2\Plugins\TmpPanel\ianongaya250.exe
- C:\Far2\Plugins\WinSCP\aninofago.exe
- C:\Far2\Plugins\WinSCP\components\uanuengni699.exe
- C:\Far2\Plugins\MacroView\ianiawxiang939.exe
- C:\Far2\Plugins\Network\enyugwi.exe
- C:\Far2\Plugins\ProcList\aneuviong176.exe
- %ALLUSERSPROFILE%\Favorites\ecyuan354.exe
- %ALLUSERSPROFILE%\Start Menu\ridyu681.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\echiri.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\zcbwuanuan358.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\wmvsiong.exe
- %ALLUSERSPROFILE%\Documents\My Videos\ciingbq673.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\ueotziueng856.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\ingchidzgc108.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\angriyz.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\sizijf613.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\vyunci394.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\uanuanla524.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\0338E140\uanypdquan870.exe
- <Текущая директория>\ensiongyi873.exe
- C:\Documents and Settings\iongtsyzi240.exe
- %ALLUSERSPROFILE%\riwuan885.exe
- %WINDIR%\services.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].asp
- %ALLUSERSPROFILE%\Documents\My Music\My Playlists\uengchimc.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\siixglcing921.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\yivpvqzyun.exe
- %ALLUSERSPROFILE%\Desktop\ianguvhsi289.exe
- %ALLUSERSPROFILE%\Documents\rigpzi.exe
- %ALLUSERSPROFILE%\Documents\My Music\yuauan910.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Games\uengberyu904.exe
- C:\Far2\Addons\Colors\wroingian.exe
- C:\Far2\Addons\Colors\Custom Highlighting\yucghchi32.exe
- C:\Far2\Addons\Colors\Default Highlighting\vfoziuan.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\ongqoouang.exe
- C:\Far2\luianiang.exe
- C:\Far2\Addons\uanuanw.exe
- C:\Far2\Addons\XLat\goziiang511.exe
- C:\Far2\Addons\XLat\Russian\zhiinpxc.exe
- C:\Far2\Documentation\cizhig527.exe
- C:\Far2\Addons\Macros\sisruengeng757.exe
- C:\Far2\Addons\SetUp\iangnpzyong691.exe
- C:\Far2\Addons\Shell\chivmjjveng827.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\ensifzd.exe
- %HOMEPATH%\Favorites\Links\hcysishi493.exe
- %HOMEPATH%\My Documents\wtmchiri.exe
- %HOMEPATH%\My Documents\Downloads\yunzhiortn277.exe
- %HOMEPATH%\xjxmuanyi281.exe
- %HOMEPATH%\Desktop\kxqzqenuan322.exe
- %HOMEPATH%\Favorites\uanmmliin.exe
- %HOMEPATH%\Start Menu\uangqci204.exe
- %HOMEPATH%\Start Menu\Programs\ionguenga102.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\zidxjuan.exe
- %HOMEPATH%\My Documents\My Music\uanuanlhfni643.exe
- %HOMEPATH%\My Documents\My Pictures\ianzhiyvkf.exe
- %HOMEPATH%\My Documents\My Received Files\aingwu253.exe
- C:\Far2\Plugins\WinSCP\packages\tb2k\smstuenin.exe
- %CommonProgramFiles%\System\ado\ianshibf502.exe
- %CommonProgramFiles%\System\msadc\yiuennfmj.exe
- %CommonProgramFiles%\System\Ole DB\zicksuzhi156.exe
- %CommonProgramFiles%\SpeechEngines\Microsoft\TTS\ingzsfeang.exe
- %CommonProgramFiles%\SpeechEngines\Microsoft\TTS\1033\umeiongan.exe
- %CommonProgramFiles%\System\yunyunex49.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\kfchiing.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\rihyeniang.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\branding\ralangin.exe
- %PROGRAM_FILES%\ComPlus Applications\chibmubzwu.exe
- %PROGRAM_FILES%\FireFox\yuniongjxcb825.exe
- %PROGRAM_FILES%\FireFox\chrome\ftuengueng.exe
- %CommonProgramFiles%\SpeechEngines\Microsoft\Lexicon\1033\uanmbrang.exe
- %CommonProgramFiles%\MSSoap\Binaries\xoaniong144.exe
- %CommonProgramFiles%\MSSoap\Binaries\Resources\ecjziang295.exe
- %CommonProgramFiles%\MSSoap\Binaries\Resources\1033\anguanwdis.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm\wuduan805.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut\uanena.exe
- %CommonProgramFiles%\MSSoap\angzlynci685.exe
- %CommonProgramFiles%\SpeechEngines\yunkpoyywu642.exe
- %CommonProgramFiles%\SpeechEngines\Microsoft\uanuanzaa.exe
- %CommonProgramFiles%\SpeechEngines\Microsoft\Lexicon\wtgriri.exe
- %CommonProgramFiles%\ODBC\kkengian678.exe
- %CommonProgramFiles%\ODBC\Data Sources\engingpd907.exe
- %CommonProgramFiles%\Services\zichip.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\zzshian853.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\preferences\polvuangan30.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\tabbrowser\drtxgongyi.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\tabview\csriuan444.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\enyuee455.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\feeds\uenyubpzas.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\browser\places\ongtnring218.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\preferences\jmcfisiwu.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\tabbrowser\angcyun.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\tabview\udfahyiin.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\jpwuchi310.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\feeds\yunhmvjeng788.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\browser\places\onguengaohw633.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\aero\sipqapzi.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\history\yivuan350.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\migration\hxmyqyuzi.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\pageinfo\mmingong.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\bookmarks\rcshiiang.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\certerror\iongsiavtk942.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\feeds\jhufcchici.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\search\inyutexbj130.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\pausiiong118.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\skin\classic\uangnzhi238.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\places\hkanci.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\preferences\qjbingwu.exe
- %PROGRAM_FILES%\FireFox\chrome\browser\content\browser\safebrowsing\eninghlvm.exe
- %CommonProgramFiles%\Microsoft Shared\DW\byityyiong.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1025\higziyi215.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1028\iangzuan328.exe
- %CommonProgramFiles%\enggukyun.exe
- %CommonProgramFiles%\Microsoft Shared\yunuenz457.exe
- %CommonProgramFiles%\Microsoft Shared\DAO\yiingfpb.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1040\anguangxxkjg849.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1041\chijpveng287.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1042\jishiyi.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1031\shiylluan.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1033\pshiyun656.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1036\uangzidyvby.exe
- %PROGRAM_FILES%\ihusiyu.exe
- C:\Far2\Plugins\WinSCP\putty\charset\engtnyen541.exe
- C:\Far2\Plugins\WinSCP\putty\windows\ciciqsxang.exe
- C:\Far2\Plugins\WinSCP\release\anvwyu.exe
- C:\Far2\Plugins\WinSCP\packages\tbx\jhkpinyun.exe
- C:\Far2\Plugins\WinSCP\packages\theme\uanguanswh.exe
- C:\Far2\Plugins\WinSCP\putty\uanssnyouan507.exe
- C:\Far2\PluginSDK\Headers.c\qjvqinguan201.exe
- C:\Far2\PluginSDK\Headers.pas\uengcwexrwu.exe
- <Служебный элемент>
- C:\Far2\Plugins\WinSCP\resource\ianzueng978.exe
- C:\Far2\Plugins\WinSCP\windows\iangcgiqeng.exe
- C:\Far2\PluginSDK\engjvbqyun.exe
- %CommonProgramFiles%\Microsoft Shared\DW\2052\iongrigc.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\bin\zhiuenghomr430.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\bin\1033\ingionghbk485.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\bots\uenrzwin519.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\admcgi\scripts\uanjbfdci70.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\admisapi\vzvwtianzi.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\admisapi\scripts\zhiannzs.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\isapi\_vti_aut\fuiowuueng.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\servsupp\zhiuyin710.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\_vti_bin\uengzhirwo666.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\bots\vinavbar\ingchiq657.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\isapi\hpyuuang376.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\isapi\_vti_adm\yunuangm863.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\admcgi\qhzrjuanging936.exe
- %CommonProgramFiles%\Microsoft Shared\Speech\1033\wuanong.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\uangingnrbgp121.exe
- %CommonProgramFiles%\Microsoft Shared\TextConv\ridvuan900.exe
- %CommonProgramFiles%\Microsoft Shared\DW\3082\engshioz804.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\yuuaneq.exe
- %CommonProgramFiles%\Microsoft Shared\Speech\yuhffchi.exe
- %CommonProgramFiles%\Microsoft Shared\Web Folders\sihikfnci.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\yirnzkyci.exe
- %CommonProgramFiles%\Microsoft Shared\web server extensions\40\ongchigoskj82.exe
- %CommonProgramFiles%\Microsoft Shared\Triedit\uanhyun.exe
- %CommonProgramFiles%\Microsoft Shared\VC\yivwu.exe
- %CommonProgramFiles%\Microsoft Shared\VGX\zhilwu.exe
Сетевая активность:
Подключается к:
- 'qq.##232.com':80
TCP:
Запросы HTTP GET:
- qq.##232.com/01ll/index.asp?rn#######
UDP:
- DNS ASK qq.##232.com
Другое:
Ищет следующие окна:
- ClassName: 'Indicator' WindowName: '(null)'
