Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MyyyyZApp' = '%TEMP%\MyyyyZApp\MyyyyZApp.exe'
- [<HKCU>\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions]
- [<HKCU>\Software\FTPWare\COREFTP\Sites]
- %APPDATA%\thunderbird\profiles.ini
- %TEMP%\myyyyzapp\myyyyzapp.exe
- %APPDATA%\glczzdo5.ty1\chrome\default\cookies
- %APPDATA%\glczzdo5.ty1\opera\cookies
- %APPDATA%\glczzdo5.ty1\firefox\profiles\22ie2h77.default\cookies.sqlite
- %APPDATA%\glczzdo5.ty1\thunderbird\profiles\cr5sc40q.default\cookies.sqlite
- %APPDATA%\glczzdo5.ty1.zip
- %APPDATA%\glczzdo5.ty1\chrome\default\cookies
- %APPDATA%\glczzdo5.ty1\firefox\profiles\22ie2h77.default\cookies.sqlite
- %APPDATA%\glczzdo5.ty1\opera\cookies
- %APPDATA%\glczzdo5.ty1\thunderbird\profiles\cr5sc40q.default\cookies.sqlite
- %APPDATA%\glczzdo5.ty1.zip
- 'ma##.#rncbbq.com':587
- http://ch#####.amazonaws.com/
- DNS ASK ch#####.amazonaws.com
- DNS ASK ma##.#rncbbq.com