Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RegistryMonitor1' = '<SYSTEM32>\qtplugin.exe'
- [<HKCU>\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- [<HKLM>\Software\Microsoft\Internet Account Manager]
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook]
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings]
- [<HKCU>\SOFTWARE\RIT\The Bat!\Users depot]
- [<HKCU>\SOFTWARE\RIT\The Bat!]
- [<HKCU>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- <SYSTEM32>\qtplugin.exe
- 'ip####atabase.com':80
- 'co####rver-ns.com':80
- '89.##9.254.182':80
- '67.##5.160.76':25
- '21#.#0.115.173':80
- '21#.#0.115.178':80
- 'ho##ail.com':25
- DNS ASK Ip####atabase.com
- DNS ASK Co####rver-Ns.com
- DNS ASK ho##ail.com
- DNS ASK f.##.#ail.yahoo.com