Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\ihaTEOJCGTTU.lnk
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp2.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp3.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp4.tmp"
- '%APPDATA%\SaVU.exe' "%APPDATA%\GBPGE.au3"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp1.tmp"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %TEMP%\69d3fb33-2142-10ec-200d-b8275c7a0ee8
- %APPDATA%\GBPGE.au3
- %APPDATA%\SaVU.exe
- %HOMEPATH%\5OPVzwfEes9WyHKF\SaVU.exe
- %HOMEPATH%\5OPVzwfEes9WyHKF\GBPGE.au3
- %APPDATA%\SaVU.exe в %HOMEPATH%\5OPVzwfEes9WyHKF\SaVU.exe
- %APPDATA%\GBPGE.au3 в %HOMEPATH%\5OPVzwfEes9WyHKF\GBPGE.au3
- 'se###pay.info':80
- 'wp#d':80
- 'ma##.#kbendi-co.tk':26
- http://11#.#11.111.2/wpad.dat via wp#d
- http://se###pay.info/Products/iSpyKelogger/Server/
- DNS ASK se###pay.info
- DNS ASK wp#d
- DNS ASK ma##.#kbendi-co.tk
- ClassName: 'Shell_TrayWnd' WindowName: ''