Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Blue Consulting Updater] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Blue Consulting] 'Start' = '00000002'
- %WINDIR%\Blue Consulting\Blue.exe
- %WINDIR%\Blue Consulting\Blue_Updater.exe
- %WINDIR%\Blue Consulting\vcredist.exe /q /norestart
- %WINDIR%\Blue Consulting\Blue_Updater.exe (загружен из сети Интернет)
- %WINDIR%\Blue Consulting\vcredist.exe (загружен из сети Интернет)
- %WINDIR%\Blue Consulting\Blue.exe (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\Blue_Consulting[1].exe
- %WINDIR%\Blue Consulting\Blue_Updater.exe
- %WINDIR%\Blue Consulting\Blue.exe
- %WINDIR%\Blue Consulting\Blue.exe.tmp
- %WINDIR%\Blue Consulting\Blue_Updater.exe.tmp
- %WINDIR%\Blue Consulting\vcredist.exe.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\vcredist32[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\Blue_Consulting_Updater[1].exe
- %WINDIR%\Blue Consulting\vcredist.exe
- %WINDIR%\Blue Consulting\Blue_Updater.exe.tmp
- %WINDIR%\Blue Consulting\Blue.exe.tmp
- %WINDIR%\Blue Consulting\vcredist.exe.tmp
- %WINDIR%\Blue Consulting\vcredist.exe
- 'www.ip###mietung.de':80
- 'localhost':1035
- www.ip###mietung.de/software/Blue_Consulting.exe
- www.ip###mietung.de/software/Blue_Consulting_Updater.exe
- www.ip###mietung.de/software/vcredist32.exe
- DNS ASK www.ip###mietung.de