Техническая информация
- скрытых файлов
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' -f "%TEMP%\holdermail.txt"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- %APPDATA%\pid.txt
- %APPDATA%\pidloc.txt
- %TEMP%\holdermail.txt
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\7396C420A8E1BC1DA97F1AF0D10BAD21
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21
- %TEMP%\holdermail.txt
- %TEMP%\holdermail.txt
- 'wh#####yipaddress.com':80
- 'ma##.#inksintplc.in':587
- 'wp#d':80
- '20#.#6.232.182':80
- http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl via 20#.#6.232.182
- http://wh#####yipaddress.com/
- http://11#.#11.111.1/wpad.dat via wp#d
- http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl via 20#.#6.232.182
- DNS ASK wh#####yipaddress.com
- DNS ASK ma##.#inksintplc.in
- DNS ASK wp#d
- DNS ASK crl.microsoft.com
- ClassName: 'Shell_TrayWnd' WindowName: ''