Техническая информация
- [<HKCU>\Software\RimArts\B2\Settings]
- [<HKCU>\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- %APPDATA%\thunderbird\profiles.ini
- %HOMEPATH%\fgfddd.exe
- %HOMEPATH%\dfgfdd.vbs
- %HOMEPATH%\dfgfdd.vbs
- http://ch#####.amazonaws.com/
- DNS ASK ch#####.amazonaws.com
- '<SYSTEM32>\cscript.exe' //B //Nologo %HOMEPATH%\dfgfdd.vbs
- '<SYSTEM32>\cscript.exe' //B //Nologo %HOMEPATH%\dfgfdd.vbs' (со скрытым окном)