Technical information
- [<HKLM>\System\CurrentControlSet\Services\ByteDownload protect service] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\ByteDownload protect service] 'ImagePath' = '%CommonProgramFiles(x86)%\mqyeqa.exe'
- <Current directory>\config.ini
- %CommonProgramFiles(x86)%\mqyeqa.exe
- %WINDIR%\syswow64\config.ini
- %LOCALAPPDATA%\google\chrome\userda~1\default\login data.bak
- %APPDATA%\mozilla\firefox\profiles\gn7ryp~1.def\cookies.sqlite-shm
- http://in#####silver.com:10000/cookie via in####lsilver.com
- DNS ASK in####lsilver.com
- '%CommonProgramFiles(x86)%\mqyeqa.exe'