Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FCE Start' = '<SYSTEM32>\YRFREX\FCE.exe'
- <LS_APPDATA>\Xenocode\Sandbox\Ammyy Admin\3.0.0.0\2012.08.16T15.46\Native\STUBEXE\@PROFILE@\Local Settings\Temp\AA_v3.exe
- <LS_APPDATA>\Xenocode\Sandbox\Ammyy Admin\3.0.0.0\2012.08.16T15.46\Native\STUBEXE\@SYSTEM@\YRFREX\FCE.exe
- <LS_APPDATA>\Xenocode\Sandbox\Ammyy Admin\3.0.0.0\2012.08.16T15.46\Virtual\STUBEXE\@APPDIR@\AA_v3.exe
- <LS_APPDATA>\Xenocode\Sandbox\Ammyy Admin\3.0.0.0\2012.08.16T15.46\Native\STUBEXE\@PROFILE@\Local Settings\Temp\Install.exe
- Handler library for all processes: <SYSTEM32>\YRFREX\FCE.001
- <SYSTEM32>\YRFREX\AKV.exe
- <SYSTEM32>\YRFREX\FCE.002
- %ALLUSERSPROFILE%\Application Data\AMMYY\hr
- %ALLUSERSPROFILE%\Application Data\AMMYY\settings3.bin
- %ALLUSERSPROFILE%\Application Data\AMMYY\hr3
- <SYSTEM32>\YRFREX\FCE.001
- %TEMP%\Install.exe
- %TEMP%\AA_v3.exe
- <SYSTEM32>\YRFREX\FCE.004
- <SYSTEM32>\YRFREX\FCE.exe
- 'rl.##myy.com':80
- rl.##myy.com/
- DNS ASK rl.##myy.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'AmmyyAdmin3Main' WindowName: ''
- ClassName: '' WindowName: 'AKLMW'