Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'akltQEtnc.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '<Полный путь к вирусу>'
Вредоносные функции:
Для затруднения выявления своего присутствия в системе
блокирует:
- Средство контроля пользовательских учетных записей (UAC)
Изменяет следующие настройки браузера Windows Internet Explorer:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnZoneCrossing' = '00000000'
Изменения в файловой системе:
Создает следующие файлы:
- <SYSTEM32>\jVAmSrmt.dll
- <SYSTEM32>\uUoNMtnR.dll
- <SYSTEM32>\fegjVnd.dll
- <DRIVERS>\VVGgA.exe
- <DRIVERS>\kyDPA.dll
- <DRIVERS>\ybQSDjyK.exe
- %WINDIR%\qhoYcpM.exe
- <DRIVERS>\adnFAMCxs.dll
- <SYSTEM32>\hfCFOoBeM.dll
- %WINDIR%\DnLyWMHU.exe
- <DRIVERS>\aJMrgaWAW.dll
- %WINDIR%\jHthPNy.exe
- %WINDIR%\XDIVQ.dll
- <SYSTEM32>\LMpkwgetO.dll
- <SYSTEM32>\GjGBChG.exe
- %WINDIR%\KahkyfrI.dll
- %WINDIR%\dcdUe.dll
- <SYSTEM32>\TjcgiY.exe
- <DRIVERS>\qcPriS.exe
- %WINDIR%\DWbxJgUsT.exe
- <SYSTEM32>\plAMkSNmH.exe
- <DRIVERS>\FgbIHBkgf.exe
- <DRIVERS>\ACeRUVH.dll
- %WINDIR%\bJnQS.exe
- <SYSTEM32>\sCIaLjyt.dll
- <DRIVERS>\ugMdsbwyW.dll
- <DRIVERS>\nkCoQTmW.exe
- <SYSTEM32>\AYXJypu.exe
- <DRIVERS>\dKcnOpk.exe
- <SYSTEM32>\YqyOcgT.dll
- %WINDIR%\wrvbIjSfY.exe
- %WINDIR%\AOLvQy.exe
- %WINDIR%\MsqnBkeDC.dll
- <DRIVERS>\EoUcg.dll
- <SYSTEM32>\PpeEiy.dll
- %WINDIR%\JoUwbfIe.exe
- <SYSTEM32>\qdsvI.dll
- %WINDIR%\wGvujTBj.dll
- %WINDIR%\mQEJe.exe
- <DRIVERS>\vspytq.exe
- <SYSTEM32>\dRMdRyhEY.dll
- <SYSTEM32>\devseXLf.exe
- <DRIVERS>\CFmvAv.dll
- <SYSTEM32>\VpJdfPN.dll
- <DRIVERS>\yxqHyO.dll
- <DRIVERS>\qAasJYO.exe
- <SYSTEM32>\BDJMAOsfG.exe
- %WINDIR%\cnqgBPB.dll
- %WINDIR%\ddwurc.exe
- <DRIVERS>\FxbJn.dll
- <SYSTEM32>\iKAnmGsI.dll
- <DRIVERS>\glrOyb.exe
- <SYSTEM32>\GafRX.dll
- %WINDIR%\RHXXYlf.dll
- <DRIVERS>\RryTbaWE.dll
- %WINDIR%\TrFBgrY.exe
- <SYSTEM32>\MnPei.dll
- %WINDIR%\uSfTUxsv.exe
- %WINDIR%\wEmEo.exe
- <SYSTEM32>\vTUMRrfhn.exe
- <SYSTEM32>\ujXoClCL.exe
- %WINDIR%\wHJtYWr.exe
- <SYSTEM32>\xcoUC.dll
- <DRIVERS>\uSNDoKcNB.dll
- %WINDIR%\MLCqJp.dll
- %WINDIR%\fJSNHoQg.exe
- %WINDIR%\oFsuW.exe
- %WINDIR%\kBvevfhX.dll
- %WINDIR%\LQLchMp.exe
- <SYSTEM32>\pNgQOj.dll
- %WINDIR%\PbMYBneK.dll
- <DRIVERS>\hLdSHHG.exe
- <DRIVERS>\RRMajFJGD.exe
- <SYSTEM32>\SUFXJqjl.dll
- <DRIVERS>\kbHdwanMc.dll
- <DRIVERS>\Pkstex.dll
- <DRIVERS>\hfqpF.dll
- %WINDIR%\qORMU.exe
- <DRIVERS>\wsaWIdmK.dll
- %WINDIR%\nOkunLpvj.exe
- <DRIVERS>\BHfUtYH.exe
- <SYSTEM32>\EIxijIp.dll
- <SYSTEM32>\bdObMncDX.exe
- <SYSTEM32>\nAPkbxtr.exe
- <DRIVERS>\oMUpluIu.exe
- <SYSTEM32>\NjamSM.dll
- <DRIVERS>\KjlHqRa.exe
- %WINDIR%\eILdjv.dll
- <SYSTEM32>\BQxQtyj.exe
- <DRIVERS>\SxjEL.dll
- <SYSTEM32>\itoxLqrtS.exe
- <DRIVERS>\wbksMb.dll
- <DRIVERS>\xIVwjpdM.dll
- <SYSTEM32>\VdkkXQe.exe
- %WINDIR%\RjfokiIy.exe
- <SYSTEM32>\VBpynQSQy.exe
- %WINDIR%\jbIIVKGL.dll
- <DRIVERS>\aXFyIrq.dll
- <DRIVERS>\VtKbrn.dll
- <DRIVERS>\QCtmWjXh.exe
- %WINDIR%\xQlVgrHR.dll
- <SYSTEM32>\LhAUrwGxG.exe
- <DRIVERS>\ptchmpAxd.dll
- <DRIVERS>\blaxnF.dll
- <SYSTEM32>\LKRsfqB.exe
- <DRIVERS>\vlhhXhSPk.exe
- <SYSTEM32>\vvCSFv.dll
- <SYSTEM32>\eKyhKaoD.dll
- %WINDIR%\xDdnm.exe
- %WINDIR%\jCkbdkYn.dll
- %WINDIR%\ysYsyjVoH.dll
- <DRIVERS>\pxMXUsC.exe
- <DRIVERS>\PpejoxxRB.dll
- <SYSTEM32>\wNFJG.exe
- <SYSTEM32>\RWbNwbDuD.exe
- <SYSTEM32>\kikkNe.dll
- <DRIVERS>\qgsQExAh.exe
- <SYSTEM32>\fghpq.dll
- <DRIVERS>\laoGRa.dll
- <SYSTEM32>\Vbdaen.exe
- %WINDIR%\VcMqEPYB.dll
- %WINDIR%\JPWDFhyT.exe
- %WINDIR%\qUvPb.exe
- <DRIVERS>\hMpGeUHxW.exe
- <SYSTEM32>\rHPhy.exe
- %WINDIR%\tUkGbjof.exe
- %WINDIR%\JsSRP.exe
- %WINDIR%\smoNhxeAV.dll
- <DRIVERS>\gbheyK.exe
- <DRIVERS>\xSQfYFmS.dll
- <DRIVERS>\ebbytGAO.dll
- <SYSTEM32>\YPwGCYre.dll
- <DRIVERS>\yUHCJyw.dll
- %WINDIR%\dcBnLKvT.exe
- <DRIVERS>\EiUlKb.exe
- <DRIVERS>\IOBHj.exe
- %WINDIR%\tcCfovEm.dll
- <DRIVERS>\AugDABiu.exe
- %WINDIR%\EeUdPuE.exe
- <SYSTEM32>\ecmFPXhOg.dll
- <DRIVERS>\KebhjM.exe
- <DRIVERS>\LALJj.dll
- <SYSTEM32>\duLigTpYq.dll
- %WINDIR%\wFkMuXb.exe
- <DRIVERS>\HjOcrq.exe
- <DRIVERS>\kwGnQIfy.exe
- <SYSTEM32>\vYvVrAT.dll
- %WINDIR%\KxsIdwW.dll
- %WINDIR%\HVQvbBfx.exe
- <SYSTEM32>\RSqNCch.exe
- <DRIVERS>\eYrWjqN.dll
- <DRIVERS>\JFwvi.exe
- <SYSTEM32>\lDuAk.exe
- <DRIVERS>\ctIdu.dll
- <DRIVERS>\jmUYjp.dll
- %WINDIR%\YFvqVoCJg.dll
- %WINDIR%\YQmhLu.dll
- %WINDIR%\NlviILKb.exe
- <SYSTEM32>\CqOPanved.dll
- %WINDIR%\bSHcp.exe
- %WINDIR%\NiGghBbD.dll
- <DRIVERS>\UgbyiAT.exe
- %WINDIR%\FKblE.dll
- %WINDIR%\cufBuf.exe
- <SYSTEM32>\kfqAqV.exe
- %WINDIR%\JEVnIfa.dll
- <SYSTEM32>\HLVOcrJa.exe
- <DRIVERS>\xBQGxmGd.exe
- <SYSTEM32>\VJrIrgkT.exe
- <DRIVERS>\WxNDVTX.dll
- <SYSTEM32>\ytNGFpAO.dll
- <DRIVERS>\VBUYWNak.dll
- <DRIVERS>\VDUHgO.exe
- %WINDIR%\CgjqMsmdr.exe
- <SYSTEM32>\HhcLcjB.exe
- <DRIVERS>\nHtQxfKPA.exe
- <SYSTEM32>\ftjIfF.exe
- <SYSTEM32>\ujrUejk.exe
- %WINDIR%\nJlrL.dll
- %WINDIR%\QmjSri.exe
- <SYSTEM32>\hRxSjw.dll
- <SYSTEM32>\GJTfd.exe
- %WINDIR%\Vjgqo.dll
- <DRIVERS>\TPWLPwYbG.exe
- %WINDIR%\RyYTVciE.dll
- %WINDIR%\bEtwfPu.dll
- <SYSTEM32>\FrdQSxNv.exe
- <DRIVERS>\ENgxSaf.exe
- <DRIVERS>\xJfbnT.dll
- <DRIVERS>\EHnrlc.exe
- <DRIVERS>\KqmsE.dll
- <DRIVERS>\NViTxc.exe
- <DRIVERS>\lbnAK.dll
- %WINDIR%\pNFpyJKB.exe
- <DRIVERS>\laTVM.exe
- <DRIVERS>\drjbFm.exe
- %WINDIR%\HmOKBIYF.dll
- %WINDIR%\rWuKsBsbG.exe
- %WINDIR%\DTNmj.exe
- <DRIVERS>\SKlkuIaay.dll
- <SYSTEM32>\vPacyQ.exe
- <SYSTEM32>\nTAlkNhb.dll
- <DRIVERS>\uKLHK.dll
- %WINDIR%\ilUWB.exe
- %WINDIR%\leJhpIm.exe
- <SYSTEM32>\sbYKETO.exe
- %WINDIR%\DmcBi.dll
- <SYSTEM32>\xSUlVNF.exe
- <SYSTEM32>\wlluqkF.dll
- <DRIVERS>\CXXvum.exe
- <SYSTEM32>\sCEip.exe
- %WINDIR%\oLVgIxAUd.exe
- %WINDIR%\CUdfvMOX.exe
- <SYSTEM32>\SGqKB.dll
- %WINDIR%\BEPxu.dll
- %WINDIR%\hfjnbWJv.dll
- <SYSTEM32>\lPfrM.exe
- <SYSTEM32>\xQkFdK.exe
- <DRIVERS>\lLoYYdq.dll
- <SYSTEM32>\DTCXKp.exe
- <SYSTEM32>\FoOpD.exe
- <DRIVERS>\FUgyxUnq.dll
- <SYSTEM32>\DGUJps.exe
- <SYSTEM32>\GnosfXNqj.dll
- %WINDIR%\qCrcWR.exe
- <SYSTEM32>\TYiRn.exe
- <SYSTEM32>\mpCBrGmso.dll
- %WINDIR%\GNlqvfiUk.dll
- <SYSTEM32>\hptKG.dll
- %WINDIR%\qkKAB.dll
- %WINDIR%\hoKiIGdde.dll
- %WINDIR%\PXVCmxf.exe
- <SYSTEM32>\cojOVfUa.exe
- <DRIVERS>\FGtEnlP.exe
- %WINDIR%\sKBhhbIAH.dll
- <DRIVERS>\mfBnPxx.dll
- <SYSTEM32>\wOPkEET.exe
- <SYSTEM32>\JvPQcVDsp.dll
- <DRIVERS>\KTlVq.dll
- <SYSTEM32>\cvwdY.dll
- %WINDIR%\oFQDy.exe
- <DRIVERS>\BQvur.exe
- %WINDIR%\WRdnW.exe
- %WINDIR%\XNGqMRD.dll
- <DRIVERS>\GawmMSDAV.exe
- <DRIVERS>\DoNXAjM.dll
- <DRIVERS>\SMNCaIFk.dll
- %WINDIR%\yTLqjc.dll
- <DRIVERS>\lllSCcDq.exe
- <SYSTEM32>\NtnDpbIw.dll
- %WINDIR%\tTnAuphc.exe
- %WINDIR%\OkageFN.dll
- <SYSTEM32>\bKjODY.exe
- <SYSTEM32>\MGwEMdFG.dll
- <DRIVERS>\AEsjUiYQ.dll
- %WINDIR%\kykLaij.exe
- <DRIVERS>\KqxgArBv.dll
- <SYSTEM32>\vcxSsLi.exe
- %WINDIR%\IyDBsFF.dll
- <SYSTEM32>\DPpVKIQUu.dll
- <SYSTEM32>\XoNejj.exe
- <DRIVERS>\lFpQadlk.exe
- <SYSTEM32>\nGOgw.exe
- <SYSTEM32>\ieiaJoa.exe
- %WINDIR%\TKSRNL.exe
- <SYSTEM32>\ElcYJafL.exe
- %WINDIR%\CkVDfX.exe
- %WINDIR%\AlkVqpsQQ.exe
- <DRIVERS>\giYcyWo.dll
- %WINDIR%\VddJKKtyf.exe
- <SYSTEM32>\BuykRq.dll
- %WINDIR%\UdUHBePQs.exe
- <SYSTEM32>\dYfWsUj.dll
- <DRIVERS>\ncvCFqY.exe
- <DRIVERS>\YsQITgx.exe
- <SYSTEM32>\ftGvq.exe
- <DRIVERS>\ykWed.dll
- <DRIVERS>\bxgfPcWmY.dll
- %WINDIR%\SUWVS.exe
- %WINDIR%\QiAJUEL.dll
- <DRIVERS>\WHQrEMJDi.dll
- %WINDIR%\qWAdhFyXA.exe
- %WINDIR%\cuUTc.dll
- %WINDIR%\HpowwOec.exe
- <SYSTEM32>\vioYB.exe
- <SYSTEM32>\UHGKDkY.exe
- <SYSTEM32>\laqWpJISy.exe
- <DRIVERS>\qcLmJH.exe
- <SYSTEM32>\WqqDhwy.exe
- <DRIVERS>\IiECSA.dll
- %WINDIR%\ApRTBrEI.exe
- <SYSTEM32>\nuBMHJybT.dll
- %WINDIR%\nNRlwdXx.exe
- <DRIVERS>\oURRpuCq.exe
- %WINDIR%\aiSEn.exe
- <DRIVERS>\jrAbOwi.exe
- <DRIVERS>\lYlaSgw.dll
- <DRIVERS>\DHjLV.exe
- <DRIVERS>\PAAYCC.dll
- <DRIVERS>\GRAOt.exe
- <SYSTEM32>\eNprkaUhD.dll
- <SYSTEM32>\tEspud.exe
- %WINDIR%\HcnqlFI.dll
- <DRIVERS>\hDlJiQX.dll
- <DRIVERS>\VJDiAnY.dll
- %WINDIR%\dhwMYEkH.dll
- <DRIVERS>\ISnkNITVc.exe
- <SYSTEM32>\EqGPa.exe
- <SYSTEM32>\qKIMdBk.exe
- %WINDIR%\LYaXXABD.exe
- <DRIVERS>\fUdSoSTq.dll
- %WINDIR%\pVMbONNe.dll
- <DRIVERS>\dUgkbBWEF.dll
- <DRIVERS>\wfwDuy.dll
- <SYSTEM32>\qxgUEeq.exe
- %WINDIR%\pfqXvEI.dll
- <SYSTEM32>\ceWInMPH.dll
- <SYSTEM32>\mgiPTgD.dll
- %WINDIR%\LNSbhbvNe.dll
- %WINDIR%\hVglMWW.exe
- <SYSTEM32>\qRXCc.dll
- <SYSTEM32>\DXWHI.dll
- <SYSTEM32>\EfLWHb.dll
- %WINDIR%\VDLTTn.dll
- %WINDIR%\SYshYqkoe.exe
- %WINDIR%\gyqEUDxT.exe
- %WINDIR%\BjpFQeOb.dll
- <SYSTEM32>\CmqgwHTp.dll
- %WINDIR%\rLOUfg.dll
- <SYSTEM32>\KCwUogS.dll
- <DRIVERS>\uoGhDqG.exe
- <DRIVERS>\mWHHIOb.exe
- %WINDIR%\LwKLNq.dll
- <DRIVERS>\KQbjqHLl.exe
- <SYSTEM32>\AbbSwKL.exe
- <SYSTEM32>\sXsreLiph.exe
- <SYSTEM32>\GBhOoS.dll
- <DRIVERS>\qQCAtKXsB.dll
- <DRIVERS>\aLKemtWT.dll
- %WINDIR%\tilIYTm.dll
- <DRIVERS>\RMFRj.dll
- <DRIVERS>\fmIJLgHc.exe
- <SYSTEM32>\huwsmJ.dll
- <SYSTEM32>\LBvnEFRA.dll
- <SYSTEM32>\jTpUyMraY.dll
- %WINDIR%\ppyFxMdA.exe
- <DRIVERS>\TVsJX.exe
- <DRIVERS>\nSIKS.dll
- <SYSTEM32>\RTxFbJ.exe
- %WINDIR%\ttOGa.exe
- <DRIVERS>\lFqdCxO.dll
- %WINDIR%\lhuJf.dll
- %WINDIR%\nVQtpHDI.dll
- <SYSTEM32>\ErSaRJ.exe
- <DRIVERS>\sNmYJ.dll
- %WINDIR%\FqEvl.exe
- %WINDIR%\DeXJYeo.exe
- <DRIVERS>\EHtmXxEyv.exe
- %WINDIR%\HTWOoDDL.dll
- <DRIVERS>\peTWj.exe
- <SYSTEM32>\fAeCJSmKe.exe
- <DRIVERS>\GApRaJNHR.dll
- <SYSTEM32>\JkLBK.exe
- <SYSTEM32>\hbVGiiaQ.exe
- %WINDIR%\LrJudTIT.dll
- %WINDIR%\XOOeC.dll
- <SYSTEM32>\IqSsG.exe
- %WINDIR%\SQiEqnVlN.dll
- <DRIVERS>\RHVNpf.exe
- <SYSTEM32>\uoqmDDT.exe
- <SYSTEM32>\mVcHdC.dll
- %WINDIR%\tHkTjAIjU.exe
- %WINDIR%\NXxEfRlU.exe
- <DRIVERS>\hdTmrIy.dll
- %WINDIR%\DDpWiEeCX.dll
- <DRIVERS>\mPhlawlWM.dll
- %WINDIR%\RctOo.dll
- %WINDIR%\gLYNG.dll
- <SYSTEM32>\fNUoIc.exe
- <DRIVERS>\eEXsuFfK.exe
- <SYSTEM32>\QfkUh.exe
- %WINDIR%\Pawao.exe
- <DRIVERS>\eFWOVF.exe
- %WINDIR%\MNdjXF.dll
- %WINDIR%\lIGfOCsq.exe
- %WINDIR%\fxraD.exe
- <DRIVERS>\HenMb.exe
- <SYSTEM32>\KOlMF.dll
- <DRIVERS>\HTKsAG.dll
- <SYSTEM32>\ahwOn.exe
- <DRIVERS>\qPgsTTi.dll
- <SYSTEM32>\hScrvaII.exe
- %WINDIR%\iyFaC.dll
- %WINDIR%\LgDHd.dll
- %WINDIR%\UhTDYT.exe
- <DRIVERS>\fCqsf.dll
- %WINDIR%\lCBdNHHpw.dll
- %WINDIR%\MGkSxr.dll
- %WINDIR%\mQFHcxI.dll
- <DRIVERS>\pqMYi.dll
- <DRIVERS>\YlCVn.dll
- <DRIVERS>\bqPVFaM.exe
- <SYSTEM32>\dGjEd.dll
- <DRIVERS>\BMhLEi.dll
- %WINDIR%\SyhEoRxj.exe
- <SYSTEM32>\kcpACRViX.exe
- <SYSTEM32>\bFPXh.dll
- <DRIVERS>\aFoBUg.dll
- <SYSTEM32>\uRNIdcb.exe
- <SYSTEM32>\XGsWJ.dll
- <DRIVERS>\nStHAWYv.exe
- <SYSTEM32>\ngFeFBm.exe
- <SYSTEM32>\wqAUgPO.exe
- <DRIVERS>\vilGrms.dll
- <SYSTEM32>\Kctyq.dll
- %WINDIR%\GDVPGBsT.exe
- <SYSTEM32>\wdBEjmX.exe
- %WINDIR%\CBOtK.dll
- <DRIVERS>\gTGdXd.dll
- <DRIVERS>\rCibfk.dll
- <SYSTEM32>\DMPeqcOfP.exe
- <SYSTEM32>\gVjnNyR.dll
- %WINDIR%\DfvKCWSS.dll
- %WINDIR%\fchhEfu.exe
- <DRIVERS>\ClTUAxUB.dll
- <SYSTEM32>\REGLH.dll
- <DRIVERS>\EVXiAgX.exe
- %WINDIR%\SSEPTsJy.exe
- <DRIVERS>\Wjtll.exe
- <SYSTEM32>\VIqTVY.dll
- <SYSTEM32>\UemEOCE.dll
- <DRIVERS>\CniAqPb.dll
- <SYSTEM32>\FQjodd.dll
- <SYSTEM32>\IxbSOgt.exe
- %WINDIR%\awygudpw.exe
- <DRIVERS>\bGLWgNT.exe
- <DRIVERS>\eGWaylWog.exe
- %WINDIR%\bILejJxkQ.exe
- <SYSTEM32>\QMllmmu.dll
- <DRIVERS>\uVntOFJw.exe
- <SYSTEM32>\mmIpFY.dll
- %WINDIR%\XBNXrRUwc.dll
- %WINDIR%\rjGho.exe
- %WINDIR%\rNNju.exe
- <DRIVERS>\uJmri.dll
- %WINDIR%\xkUTuRBu.dll
- %WINDIR%\wAABrH.dll
- <SYSTEM32>\GdqVTO.dll
- %WINDIR%\keoUyCm.dll
- <DRIVERS>\PKmRkSQX.dll
- <DRIVERS>\fhiawu.dll
- %WINDIR%\IIscd.dll
- <SYSTEM32>\SLTGX.exe
- %WINDIR%\kviim.dll
- %WINDIR%\VxCLye.dll
- <SYSTEM32>\nhhCmqEW.dll
- <DRIVERS>\rpyybIOmK.exe
- <DRIVERS>\rRwfb.dll
- <SYSTEM32>\beoTOkHV.dll
- %WINDIR%\EQfWnVgc.exe
- %WINDIR%\gFvDaYdH.exe
- <DRIVERS>\EHCvHqFHy.dll
- <SYSTEM32>\ujUQqXGfE.exe
- <SYSTEM32>\aiENifgO.exe
- <SYSTEM32>\UNPxWXS.exe
- <DRIVERS>\dNrbPUgm.exe
- <SYSTEM32>\mCAMb.exe
- <SYSTEM32>\akltQEtnc.dll
- %TEMP%\HTMLayout.dll
- <SYSTEM32>\jXfxGfv.dll
- <SYSTEM32>\IgmhKxB.exe
- %WINDIR%\vKDdJG.dll
- <SYSTEM32>\wMcKnoLFV.exe
- <SYSTEM32>\VNRooNxKL.dll
- <SYSTEM32>\uFphxxhBv.exe
- <SYSTEM32>\SEKSts.dll
- %WINDIR%\tHSrhEN.dll
- <DRIVERS>\fdfuG.exe
- <SYSTEM32>\wMdBG.dll
- <DRIVERS>\TpDTd.dll
- <SYSTEM32>\Vglwe.exe
- %WINDIR%\gTtFGYTHM.dll
- <DRIVERS>\ruxjS.exe
- <SYSTEM32>\gClxkHkw.dll
- <SYSTEM32>\fmoRIa.exe
- <DRIVERS>\xEJpuXHhk.exe
- <DRIVERS>\fpHTrnEY.dll
- %WINDIR%\UvfVqfnHx.exe
- <SYSTEM32>\xeyAHGRS.dll
- <SYSTEM32>\mGitwj.dll
- <SYSTEM32>\eucvNAnj.exe
- %WINDIR%\gVVCAVUsU.exe
- <DRIVERS>\guyclXF.dll
- %WINDIR%\JjaLPLe.dll
- <DRIVERS>\CLfwGycLF.exe
- %WINDIR%\MYwVDbowG.dll
- %WINDIR%\PhvodoHNs.exe
- <SYSTEM32>\MUgJGmlsD.dll
- %WINDIR%\fxvvbs.exe
- <DRIVERS>\hkNSWRRg.exe
- <SYSTEM32>\yXgToFS.exe
- <SYSTEM32>\EAkWFe.exe
- %WINDIR%\SMhwarrPr.dll
- <SYSTEM32>\BsJbm.exe
- <SYSTEM32>\LnFdmR.dll
- %WINDIR%\GELJa.exe
- <DRIVERS>\DgIRRNqM.exe
- %WINDIR%\yywxu.exe
- <SYSTEM32>\xdLCnbIJe.dll
- %WINDIR%\bGKTnFKXJ.exe
- <DRIVERS>\fjJcWUj.exe
- %WINDIR%\TOLTFVae.exe
- <SYSTEM32>\AaaJngape.dll
- <SYSTEM32>\vqHUP.dll
- <SYSTEM32>\TfKubTvS.exe
- <SYSTEM32>\YdRBRjL.dll
- <DRIVERS>\Eigtl.exe
- %WINDIR%\HenLA.exe
- %WINDIR%\NHRCkS.dll
- %WINDIR%\NWRSxHe.exe
- <DRIVERS>\okrukWhCu.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\protection[1]
- <DRIVERS>\ThtIFktY.dll
- %WINDIR%\ePrMdrPo.dll
- %WINDIR%\ojBkj.dll
- <SYSTEM32>\knXIq.exe
- <SYSTEM32>\OLWtJfJQh.exe
- <SYSTEM32>\GbCOKpD.exe
- <DRIVERS>\OeffeL.exe
- %WINDIR%\iQWFSkYi.exe
- <SYSTEM32>\PrrTU.dll
- %WINDIR%\AxqAXlQhW.exe
- <SYSTEM32>\UrnxaGTll.dll
- <SYSTEM32>\YfqxWVmRn.exe
- <DRIVERS>\fFHFnEmA.dll
- <SYSTEM32>\WhhpBeJAJ.dll
- %WINDIR%\VKyKn.dll
- %WINDIR%\PPvdi.exe
- <SYSTEM32>\eaSNlEM.dll
- <SYSTEM32>\hesrEOXb.dll
- %WINDIR%\EFoLgOC.dll
- <SYSTEM32>\vPbfwcql.exe
- <DRIVERS>\pbEGCBtiq.dll
- <SYSTEM32>\Crtdbad.dll
- <SYSTEM32>\cflOtgoR.exe
- <DRIVERS>\pXebCwmIa.dll
- %WINDIR%\IvLqcMV.dll
- <DRIVERS>\ykKxSB.dll
- <SYSTEM32>\CeabA.exe
- <SYSTEM32>\gcPyb.dll
- %WINDIR%\vRNndAUC.exe
- %WINDIR%\MBYBBY.dll
- <DRIVERS>\QQIsN.dll
- <DRIVERS>\TnHLVJr.dll
- <SYSTEM32>\eMKgNS.dll
- <SYSTEM32>\DSOmDn.dll
- <SYSTEM32>\GWALDrD.dll
- %WINDIR%\BqIYGL.dll
- <DRIVERS>\OrKrOY.exe
- <SYSTEM32>\llqvb.exe
- <DRIVERS>\PJPGJ.exe
- <DRIVERS>\HUvkARDaN.exe
- <SYSTEM32>\TCofgrLB.exe
- %WINDIR%\afkWFE.dll
- %WINDIR%\CcHPV.dll
- <SYSTEM32>\xvacedTEL.exe
- <SYSTEM32>\QRvVNsaL.exe
- <DRIVERS>\HUXhJF.exe
- %WINDIR%\FQWEuDGw.dll
- <DRIVERS>\YGRmVde.dll
- <SYSTEM32>\hJhcXryac.exe
- <SYSTEM32>\ElBAGVO.dll
- <DRIVERS>\woFFQwpae.dll
- <DRIVERS>\sKuSYPyiS.exe
- <SYSTEM32>\KHqVB.exe
- <SYSTEM32>\UgwEs.dll
- %WINDIR%\LpHxD.exe
- <SYSTEM32>\jrQuQyuT.dll
- <SYSTEM32>\LfOeQGl.exe
- <SYSTEM32>\SOupReR.exe
- <SYSTEM32>\puyKdd.dll
- <SYSTEM32>\VSgAs.exe
- %WINDIR%\qmikcddL.dll
- %WINDIR%\sgWEq.exe
- %WINDIR%\UfhgXSNtF.dll
- %WINDIR%\ITTJbNo.exe
- <DRIVERS>\bgkYqpQ.exe
- <DRIVERS>\aDKJbXjvn.dll
- <SYSTEM32>\vTXmcdsF.exe
- %WINDIR%\kshLagdQV.exe
- %WINDIR%\ptypqrO.exe
- %WINDIR%\PxnlIiC.exe
- %WINDIR%\LqkMbK.dll
- %WINDIR%\HtoAL.dll
- <DRIVERS>\pVbOPm.dll
- %WINDIR%\kgeNyXpx.dll
- <SYSTEM32>\xemWNp.dll
- <SYSTEM32>\GpKEm.dll
- <DRIVERS>\aCwuUw.dll
- <SYSTEM32>\bCwlyiNyj.dll
- <DRIVERS>\RjCBHcBaV.exe
- <SYSTEM32>\XWSSMbTu.dll
- <DRIVERS>\Rriqi.dll
- <DRIVERS>\tyHUEv.exe
- %WINDIR%\XpPuovxff.exe
- <SYSTEM32>\iaOombss.dll
- <DRIVERS>\wAdtC.dll
- <SYSTEM32>\fTlJOiU.dll
- <SYSTEM32>\qyTqhV.exe
- <SYSTEM32>\CTqebBSV.dll
- %WINDIR%\YePqLr.dll
- <SYSTEM32>\rOTFvyA.exe
- <DRIVERS>\EtNKSK.dll
- <SYSTEM32>\HuVbNMN.dll
- <DRIVERS>\hfhFyol.dll
- <SYSTEM32>\VGcES.dll
- <DRIVERS>\euCrWUDBJ.exe
- <DRIVERS>\IEfKBK.dll
- <DRIVERS>\hCnFacns.exe
- <SYSTEM32>\oSngcT.dll
- <SYSTEM32>\yHtAju.exe
- %WINDIR%\bLiFpA.exe
- <DRIVERS>\IIeBGw.dll
- <SYSTEM32>\TlJmc.dll
- %WINDIR%\THfyl.exe
- %WINDIR%\NKYgyTY.dll
- <SYSTEM32>\SjIAnGW.dll
- <DRIVERS>\dMhpF.dll
- <DRIVERS>\Xrughb.exe
- <DRIVERS>\KvCDcGVKY.dll
- <SYSTEM32>\FSscSlWf.dll
- %WINDIR%\MhlCDNwQ.exe
- <SYSTEM32>\wdcAOTli.dll
- <DRIVERS>\shwuT.exe
- %WINDIR%\LjDmuc.exe
- <SYSTEM32>\RbcUpCd.dll
- %WINDIR%\cEqgM.dll
- <DRIVERS>\CCXsCWJ.dll
- <DRIVERS>\VTaJNX.dll
- <DRIVERS>\iOfAQL.exe
- <SYSTEM32>\RPFYxvjqN.dll
- %WINDIR%\uUsxbAG.dll
- %WINDIR%\lGAvQSGfq.dll
- %WINDIR%\lVGDc.dll
- <SYSTEM32>\dwNbFUb.exe
- <SYSTEM32>\XClpKgA.exe
- %WINDIR%\jPYEFfuf.exe
- %WINDIR%\sqOAHwQ.exe
- <DRIVERS>\oRqVOkL.exe
- <DRIVERS>\YJULg.exe
- %WINDIR%\rBtAPY.dll
- <DRIVERS>\KBEScQA.exe
- <SYSTEM32>\pHgCrisnj.exe
- <SYSTEM32>\WCPFTCfGE.exe
- <DRIVERS>\aWuIa.exe
- <SYSTEM32>\rCeVK.dll
- %WINDIR%\YHfLG.dll
- <SYSTEM32>\tKMvosQwy.exe
- <DRIVERS>\rkDFI.exe
- <SYSTEM32>\ELWJSgxwC.exe
- <DRIVERS>\RalNONa.dll
- <DRIVERS>\ybTfR.dll
- %WINDIR%\cqDNuRg.exe
- %WINDIR%\BFLoCR.dll
- %WINDIR%\UdBfuRRKg.exe
- <SYSTEM32>\yuKfAKCF.exe
- %WINDIR%\oiDvCiE.exe
- <DRIVERS>\oPXtJjU.dll
- %WINDIR%\VyDPIKqp.exe
- <DRIVERS>\WCexkrStI.dll
- %WINDIR%\mcegIBhL.dll
- %WINDIR%\HkvucnHc.dll
- %WINDIR%\dAkhV.dll
- <DRIVERS>\wtXSIDnGr.dll
- %WINDIR%\HeqtO.dll
- %WINDIR%\osdNCegN.exe
- %WINDIR%\BFMcPFI.exe
- <DRIVERS>\DPPTIX.exe
- <DRIVERS>\fKNBNHvg.dll
- <SYSTEM32>\EWjiOA.exe
- <SYSTEM32>\JaOiVlmxG.dll
- <DRIVERS>\LRoqSJvi.dll
- %WINDIR%\BWrOl.dll
- <DRIVERS>\idSCU.dll
- %WINDIR%\rjxUvVO.dll
- <DRIVERS>\oHjpIs.exe
- %WINDIR%\shmfKFKX.exe
- <SYSTEM32>\EhlMUs.dll
- %WINDIR%\eNTnCBJi.dll
- %WINDIR%\rSkXRQlu.dll
- <DRIVERS>\ubFQMvSul.dll
- <SYSTEM32>\ppRodxjfq.exe
- <SYSTEM32>\hyiAbyw.dll
- <SYSTEM32>\lwpTL.dll
- %WINDIR%\hTBCC.dll
- <DRIVERS>\xUXuoBI.dll
- <DRIVERS>\TgTVtNMUG.exe
- <SYSTEM32>\hXcSvN.exe
- <SYSTEM32>\DIbIrdjt.exe
- %WINDIR%\kSibBDs.dll
- <SYSTEM32>\HPbrWdm.dll
- <DRIVERS>\QDvNPUUkA.dll
- %WINDIR%\ukYwNWH.dll
Сетевая активность:
Подключается к:
- 'localhost':1037
- 'www.av##a.com':80
TCP:
Запросы HTTP GET:
- www.av##a.com/protection/?i=##################################################################################################################################
UDP:
- DNS ASK www.av##a.com
Другое:
Ищет следующие окна:
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
