Trojan.KeyLogger.40050

Техническая информация

Вредоносные функции:

Устанавливает процедуры перхвата сообщений

о нажатии клавиш клавиатуры:

Библиотека-обработчик для всех процессов: %APPDATA%\MyMacro\cfgdll.dll

Завершает или пытается завершить

следующие системные процессы:

<SYSTEM32>\ping.exe

Изменения в файловой системе:

Создает следующие файлы:

%TEMP%\mac1.tmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ИЎПыЖҐЕд.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\И·ИП.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\їОТµ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\їОТµНкіЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\А§ДС.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РЎїОТµ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\іЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°НщїОТµ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ФВББ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Ц№Й±.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Дї±кНтАпМэ·з.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Ц№Й±2.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ґр¶Ф.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°НщКЖБ¦.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ИООс.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°пЕЙКЖБ¦.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Чш±к.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°Ч±К.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°ЧЧй¶У.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ґґЅЁ¶УОй.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\¶УОй.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\¶УОйїХО».bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РЎЗ°.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ґтїЄВЫЅЈЅ±Аш.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°НщїОТµ2.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\єЪЧй¶У.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\НЛіц»ЄЙЅ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ґуіъН·.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ґуё«Н·.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\їі·Ґ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РЎіъН·.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РЎё«Н·.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\0.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\·µ»Ш.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\№ШЧў.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»хЖ·ЅфИ±.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»НјЗшУт.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\µЇД»їЄ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РД.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\µЪ¶ю±іѕ°.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\µЪБщ±іѕ°.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\µЪИэ±іѕ°.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\µЪЛД±іѕ°.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\µЪОе±іѕ°.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ґтїЄ»ЄЙЅВЫЅЈ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»ЄЙЅВЫЅЈ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ВЫЅЈ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ВЫЅЈЅ±Аш.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЖҐЕд.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЦРФ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»о¶ЇФВББ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЛгШФ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°НщНтАп.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РЎµШНјІЭ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\БйЦҐ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Т°ЙЅІО.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Цм№ы.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Ѕрїу.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\БўТшїу.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЛйКЇ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ОЩѕ§їу.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РЎµШНјКЇ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЧжДёВМїу.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°ЪМЇ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\И·¶ЁНтАпМэ·з.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\µ±З°МеБ¦»Цёґ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ВйТВРьЙН.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЛўРВ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РьЙН1.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°НщІи№ЭЛµКй.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\К№УГВЇЧУ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\1ПЯ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ПВјэН·.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\µЗЅЈёу.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЖҐЕд·й»р.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Йъ»ојјДЬ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ґуµШНјІЭ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\µШБй№ы.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\·ўЛН.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ФУІЭ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\НЛіц¶УОй.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Т»јьє°»°.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\±дЗї.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\јтµҐ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЖХНЁ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°НщзОзї.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЗуІЖ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\МЅ±¦.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Хд±¦ёу2.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»ЄХжХж.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РЎМъЗВ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\БўјґЗ°Нщ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ІЙјЇ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЙФєуФЩЛµ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\И·ИПМеБ¦»Цёґ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Т»јьМбЅ»їОТµ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\їОТµНкіЙ2.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЖҐЕдКэБїЙЩ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°Нщ°пЕЙИООс.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°НщЛгШФ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»о¶ЇНј.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\И«ІїЗеіэ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°пЕЙТ»ЅЗ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\И·¶ЁїОТµ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\НтАпМэ·з.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РьЙН.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\НЪїу.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\єЪКЦ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ґуМъЗВ.bmp
%APPDATA%\MyMacro\plugin\WINDOW.ini
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\С°µА.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\С°µА2.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\С°µАНкіЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\УТјэН·.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЧујэН·.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\И·¶ЁєПіЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\їЄКјЕлвї.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\¶ЇЧч.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ґуУжѕЯ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\№єВт.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»о¶Ї.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\И·¶Ё.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\МнјУ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\РЎУжѕЯ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\УжѕЯ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЧФ¶ЇС°В·.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ґ№µц.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\№Ш±Х1.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Іи№ЭЛµКй.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЅєюзОзї.bmp
%APPDATA%\qmacro\shield\SD003.dat
%APPDATA%\qmacro\shield\SD001.dat
%APPDATA%\qmacro\shield\Shield.ini
%APPDATA%\qmacro\shield\SD002.dat
%APPDATA%\qmacro\shield\SD000.dat
%TEMP%\MT.zip
%APPDATA%\MyMacro\plugin\WINDOW.DLL
%APPDATA%\MyMacro\plugin\LXJ_PLUG.DLL
%APPDATA%\MyMacro\plugin\BGKMS6_10.DLL
%APPDATA%\MyMacro\plugin\BGCP2_02.DLL
%APPDATA%\MyMacro\plugin\FILE.DLL
%TEMP%\mymacro.zip
%TEMP%\RKey.zip
%APPDATA%\MyMacro\RKey.dat
%TEMP%\Runner.zip
%APPDATA%\MyMacro\Runner.exe
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ОґСЎЦРЅєю.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\µ±З°ЖҐЕдЦР.bmp
%APPDATA%\MyMacro\mymacro_errinfo.exe
%TEMP%\QMLog\20180527.log
%APPDATA%\MyMacro\cfgdll.dll
%APPDATA%\MyMacro\ShieldModule.dat
%APPDATA%\MacroCommerce\qdisp.dll
%ALLUSERSPROFILE%\Application Data\boost_interprocess\FkGk5lDwrFRu
%ALLUSERSPROFILE%\Application Data\boost_interprocess\FkGk5lDwrFR
%ALLUSERSPROFILE%\Application Data\boost_interprocess\oeZENFTndt5Q
%ALLUSERSPROFILE%\Application Data\boost_interprocess\u7dD6n8Ucltc
%TEMP%\ebd2.tmp
%TEMP%\win.ini
%TEMP%\plugin.zip
%APPDATA%\MyMacro\MT.exe
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\МѕєЕ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\СЎЦРЅєю.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\јЧ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ОґСЎЦР·ЧХщ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\СЎЦР·ЧХщ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»рЦЦ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»Ёјь.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\АъНт°о.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ХЅ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°пЕЙИООсНкіЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°пЕЙИООсТСНкіЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ФшПИЙъ.bmp
%APPDATA%\qmacro\shield\SD004.dat
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Іи№ЭЛµКйНкіЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЛгШФНкіЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\С°»хЗ§.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\№Т»ъ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ОТ·Ѕ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЅДП.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\КАЅз.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»»ПЯ±кК¶.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\»»ПЯИ¦.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\№єВт2.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°ЧКЦ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Т»јьМбЅ».bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЅєюзОзїНкіЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\АлїЄ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Хд±¦ёу.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\СЎЦР°пЕЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ОґСЎЦР°пЕЙ.bmp
%HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\h[1].js
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ТТ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\јМРшґрМв.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\НЛіцІи№Э.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЅєюзОзїВј.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°ИҐґтМЅ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°НщЅ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ОТ»бРЎРД.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\¶аР»БЛ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\З°Нщ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ё±±ѕ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЅшИлІи№Э.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ОґСЎЦРУОАъ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\Вд±К.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЗшУт.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЛгГьІ·ШФ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЛжФµ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\ЅУКЬ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\¶Ф»°їт.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°пЕЙ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°пЕЙИООс.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\°пЕЙИООс¶Ф»°.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\¶ФєЕ.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\И·¶Ё°пЕЙИООс.bmp
%WINDIR%\MYFZ\CLX\ЅыЦ№Йѕіэ\СЎЦРУОАъ.bmp
%APPDATA%\MyMacro\plugin\FILE.ini

Удаляет следующие файлы:

%TEMP%\plugin.zip
%TEMP%\mymacro.zip
%TEMP%\RKey.zip
%TEMP%\Runner.zip
%TEMP%\MT.zip
%ALLUSERSPROFILE%\Application Data\boost_interprocess\u7dD6n8Ucltc
%APPDATA%\MyMacro\ShieldModule.dat

Сетевая активность:

Подключается к:

'12#.#25.114.144':80
'w.###ata.net':443

TCP:

Запросы HTTP GET:

http://hm.##idu.com/h.js?82############################## via 12#.#25.114.144
http://lo#.##.baidu.com/hm.gif?cc############################################################################################################################################## via 12#.#25.114.1...
http://lo#.##.baidu.com/hm.gif?cc########################################################################################################################################################## via 1...

UDP:

DNS ASK so##.xiaojl.com
DNS ASK www.ba##u.com
DNS ASK hm.##idu.com
DNS ASK lo#.##.baidu.com
DNS ASK w.###ata.net

Другое:

Ищет следующие окна:

ClassName: '#32770' WindowName: '??????????????'
ClassName: '#32770' WindowName: 'ЎѕВмТПЎїіюБфПг'

Создает и запускает на исполнение:

'%APPDATA%\MyMacro\Runner.exe' --host_id 5 --verify_key 7wkIYUJ3fNFo --product "<Полный путь к файлу>" --version 2014.05.145683

Запускает на исполнение:

'<SYSTEM32>\ping.exe' www.ba##u.com -n 2

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней