Техническая информация
- %APPDATA%\Export\lsаss.exe
- %WINDIR%\regedit.exe /e "%APPDATA%\storage1\outlook.reg" "HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager"
- %WINDIR%\regedit.exe /e "%APPDATA%\storage1\wm.reg" "HKEY_CURRENT_USER\Software\WebMoney"
- %WINDIR%\regedit.exe /e "%APPDATA%\storage1\google.reg" "HKEY_CURRENT_USER\Software\Google"
- %WINDIR%\regedit.exe /e "%APPDATA%\storage1\mra.reg" "HKEY_CURRENT_USER\Software\Mail.Ru"
- magent.exe
- [<HKCU>\SOFTWARE\Mirabilis\ICQ\NewOwners]
- %APPDATA%\storage1\formhistory.sqlite
- %APPDATA%\storage1\signons.sqlite
- %APPDATA%\storage1\passes.xm
- %APPDATA%\storage1\8733_passes.xm
- <Текущая директория>\tmp
- %APPDATA%\storage1\magent-ie.txt
- %APPDATA%\Export\lsаss.exe
- %APPDATA%\storage1\key3.db
- %APPDATA%\storage1\cookies.sqlite
- %APPDATA%\storage1\cert8.db
- %APPDATA%\storage1\key3.db
- %APPDATA%\storage1\magent-ie.txt
- %APPDATA%\storage1\signons.sqlite
- %APPDATA%\storage1\formhistory.sqlite
- <Текущая директория>\tmp
- %APPDATA%\storage1\cert8.db
- %APPDATA%\storage1\cookies.sqlite
- 'xx#####axxx.hmsite.net':80
- xx#####axxx.hmsite.net/upload.php
- DNS ASK xx#####axxx.hmsite.net
- DNS ASK ya.ru
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''