Техническая информация
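- %WINDIR%\Temp\svсhost.exe
  (примечание: третья буква в имени файла, по всей видимости, кириллическая «с» (U+0441), а не латинская «c»; при поиске по имени файла сопоставляйте точную последовательность символов и путь — правило, написанное для латинского «svchost.exe», этот файл не найдёт, а легитимный svchost.exe находится в %WINDIR%\System32)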
- %APPDATA%\Export\svсhost.exe
- %WINDIR%\regedit.exe /e "%APPDATA%\storage1\outlook.reg" "HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager"
- %WINDIR%\regedit.exe /e "%APPDATA%\storage1\pstorage.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy"
- %WINDIR%\regedit.exe /e "%APPDATA%\storage1\wm.reg" "HKEY_CURRENT_USER\Software\WebMoney"
- %WINDIR%\regedit.exe /e "%APPDATA%\storage1\google.reg" "HKEY_CURRENT_USER\Software\Google"
- %WINDIR%\regedit.exe /e "%APPDATA%\storage1\ex.reg" "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms"
- %WINDIR%\regedit.exe /e "%APPDATA%\storage1\mra.reg" "HKEY_CURRENT_USER\Software\Mail.Ru"
- WebMoney.exe
- %APPDATA%\storage1\cookies.sqlite
- %APPDATA%\storage1\cert8.db
- %APPDATA%\storage1\formhistory.sqlite
- %APPDATA%\storage1\signons.sqlite
- %APPDATA%\storage1\key3.db
- %WINDIR%\Temp\svсhost.exe
- %APPDATA%\Export\svсhost.exe
- %APPDATA%\storage1\pstorage.reg
- <Текущая директория>\tmp
- %APPDATA%\Export\svсhost.exe
- <Текущая директория>\tmp
- DNS ASK we##oney.ru
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''