Техническая информация
- [<HKCU>\Software\Microsoft\Internet Account Manager]
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows Mail]
- [<HKCU>\Software\Microsoft\Windows Mail]
- %APPDATA%\opera software\opera stable\login data
- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %WINDIR%\syswow64\ghtr.vbs
- %TEMP%\1.txt
- %TEMP%\$inst\0001.tmp
- %TEMP%\$inst\0002.tmp
- %ProgramFiles(x86)%\microsoft В©\online installer\uninstall.exe
- %ProgramFiles(x86)%\microsoft В©\online installer\uninstall.ini
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\0001.tmp
- %TEMP%\$inst\0002.tmp
- %TEMP%\$inst\2.tmp
- %WINDIR%\syswow64\ghtr.vbs
- 'fr##.##oxhosting.com':465
- 'fr##.##oxhosting.com':465
- DNS ASK fr##.##oxhosting.com
- '%WINDIR%\syswow64\wscript.exe' "<SYSTEM32>\ghtr.vbs"