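Technical Information
(This listing carries no section labels, so it does not state whether an entry was created, read, executed or contacted. Characters shown as '#' in host names, IP addresses and URLs appear to be masked and should not be read as literal values.)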
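- %WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe (the path of the .NET Framework Visual Basic compiler, a legitimate Windows component; the listing does not say how the sample uses it)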
- %TEMP%\hwpatch.exe
- %TEMP%\hwantiban.exe
- %ALLUSERSPROFILE%\wqddd.txt
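- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\policy.vpol (this and the other microsoft\vault entries are Windows Vault credential-store paths; the listing does not state whether they were read, created or modified)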
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\3ccd5499-87a8-4b10-a215-608888dd3b55.vsch
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\2f1a6504-0641-44cf-8bb5-3612d865f2e5.vsch
- %LOCALAPPDATA%\microsoft\vault\4bf4c442-9b8a-41a0-b380-dd4a704ddb28\policy.vpol
- 'el###-hacks.ru':443
- 'ap#.#pify.org':80
- '91.##8.224.98':8080
- 'microsoft.com':80
- http://ap#.#pify.org/?fo########
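- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (a Microsoft-hosted certificate file; this request and the microsoft.com entries are not useful as indicators on their own)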
- 'el###-hacks.ru':443
- '91.##8.224.98':8080
- DNS ASK el###-hacks.ru
- DNS ASK ap#.#pify.org
- DNS ASK microsoft.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\hwantiban.exe'
- '%TEMP%\hwpatch.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe'