Technical information
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp3.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp4.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp5.tmp"
- '%APPDATA%\dJLh.exe' "%APPDATA%\HiSNg.au3"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext "%TEMP%\tmp2.tmp"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- [<HKCU>\Software\Beyluxe Messenger]
- %APPDATA%\HiSNg.au3
- %TEMP%\5cc55762-44ea-d3b8-0669-a6ac0e4f3302
- %APPDATA%\dJLh.exe
- %TEMP%\aut1.tmp
- %TEMP%\grddzdn
- %TEMP%\grddzdn
- %TEMP%\aut1.tmp
- 'se###pay.info':80
- 'ug#.#pmcng.com':80
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://se###pay.info/Products/iSpyKelogger/Server/
- http://ug#.#pmcng.com/Panel/api
- DNS ASK se###pay.info
- DNS ASK ug#.#pmcng.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''