Техническая информация
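Автозапуск: значение в ключе реестра Run, благодаря которому ibrytedesktop.exe запускается при входе в систему:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'iBryte browseforchange Desktop' = '%PROGRAM_FILES%\iBryte\browseforchange\ibrytedesktop.exe'
Брандмауэр Windows: ibrytedesktop.exe внесён в список разрешённых приложений (AuthorizedApplications) стандартного профиля:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\iBryte\browseforchange\ibrytedesktop.exe' = '%PROGRAM_FILES%\iBryte\browseforchange\ibrytedesktop.exe:*:Enabled:iBryteDesktop'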
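Запускаемые процессы (командные строки). Вызов ping с параметрами -n 1 -w 3000 отправляет один запрос с тайм-аутом 3000 мс; вероятно, он служит паузой, но это требует подтверждения:
- %PROGRAM_FILES%\iBryte\browseforchange\iBryteDesktop.exe LaunchBrowserOnLoad
- <SYSTEM32>\ping.exe 1.1.1.1 -n 1 -w 3000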
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\Thumbs.db
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\toolbar.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\toolbar.xul
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\share_link.xul
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\sidebar.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\sidebar.xul
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\charity\charity.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\charity\redirector.xul
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\images\hidden.png
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\toolbarsidebarshared.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\update_status.xul
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\windows.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\menu.xul
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome.manifest
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\FFAboutBlankSearch.txt
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\install.rdf
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Toolbar.xml
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Assemblies\1\BrowserObjects.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Assemblies\1\Charity.dll
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\fileio.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\json.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\login.xul
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\Toolbar.xml
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\browserwindow.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\browseforchange@browseforchange.com\chrome\content\browserwindow.xul
- %PROGRAM_FILES%\iBryte\browseforchange\AsyncClient11.dll
- %WINDIR%\assembly\tmp\3OV4BK1A\__AssemblyInfo__.ini
- %PROGRAM_FILES%\iBryte\browseforchange\uninstall.exe
- <LS_APPDATA>\iBryte\install.log
- %WINDIR%\assembly\tmp\EXEW5KJ0\BrowserMediator.dll
- %WINDIR%\assembly\tmp\EXEW5KJ0\__AssemblyInfo__.ini
- %WINDIR%\assembly\tmp\3OV4BK1A\SHDocVw.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\EventLog.txt
- <LS_APPDATA>\iBryte\Implementations\browseforchange\UserSettings.xml
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.new
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.new
- <LS_APPDATA>\ApplicationHistory\<Имя вируса>.exe.bf81a5f0.ini
- <LS_APPDATA>\fusioncache.dat
- %PROGRAM_FILES%\iBryte\browseforchange\iBryteDesktop.exe.config
- %PROGRAM_FILES%\iBryte\browseforchange\ICSharpCode.SharpZipLib.dll
- %PROGRAM_FILES%\iBryte\browseforchange\Manifest.xml
- %PROGRAM_FILES%\iBryte\browseforchange\AxShockwaveFlashObjects.dll
- %PROGRAM_FILES%\iBryte\browseforchange\config.cfg
- %PROGRAM_FILES%\iBryte\browseforchange\iBryteDesktop.exe
- %PROGRAM_FILES%\iBryte\browseforchange\settings.cfg
- %WINDIR%\assembly\tmp\Q29QPW5C\AxSHDocVw.dll
- %WINDIR%\assembly\tmp\Q29QPW5C\__AssemblyInfo__.ini
- %PROGRAM_FILES%\iBryte\browseforchange\Proto11.dll
- %PROGRAM_FILES%\iBryte\browseforchange\SHDocVw.dll
- %PROGRAM_FILES%\iBryte\browseforchange\ShockwaveFlashObjects.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\login.xul
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\menu.xul
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\share_link.xul
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\fileio.js
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\images\hidden.png
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\json.js
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\toolbar.js
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\toolbar.xul
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\toolbarsidebarshared.js
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\sidebar.js
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\sidebar.xul
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\Thumbs.db
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\charity\redirector.xul
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Chrome\charity.js
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Chrome\content.js
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Chrome\listenerConfig.json
- %TEMP%\browseforchange_ibryte_install.zip
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Chrome\assemblyConfig.json
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Chrome\bg.html
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\browserwindow.js
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\browserwindow.xul
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\charity\charity.js
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Chrome\manifest.json
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Chrome\settingsConfig.json
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome.manifest
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\update_status.xul
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\ShockwaveFlashObjects.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Settings\ToolbarPrefs.txt
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Settings\UpdaterSettings.xml
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\Manifest.xml
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\Proto11.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\SHDocVw.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\config.json
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Desktop.xml
- <LS_APPDATA>\iBryte\Implementations\browseforchange\TabsSearch.txt
- <LS_APPDATA>\iBryte\Implementations\browseforchange\AuthorizedURLs.xml
- <LS_APPDATA>\iBryte\Implementations\browseforchange\BHO.xml
- <LS_APPDATA>\iBryte\Implementations\browseforchange\config.cfg
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\ICSharpCode.SharpZipLib.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\Toolbar.xml
- <LS_APPDATA>\iBryte\Implementations\browseforchange\GAC\AxSHDocVw.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\GAC\BrowserMediator.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\chrome\content\windows.js
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\FFAboutBlankSearch.txt
- <LS_APPDATA>\iBryte\Implementations\browseforchange\Firefox\browseforchange@browseforchange.com\install.rdf
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\config.cfg
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\iBryteDesktop.exe
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\iBryteDesktop.exe.config
- <LS_APPDATA>\iBryte\Implementations\browseforchange\GAC\SHDocVw.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\AsyncClient11.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\AxShockwaveFlashObjects.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\ShockwaveFlashObjects.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\SHDocVw.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\Proto11.dll
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2856.97640
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2856.97578
- %TEMP%\browseforchange_ibryte_install.zip
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\Manifest.xml
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\config.cfg
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\AxShockwaveFlashObjects.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\AsyncClient11.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\ICSharpCode.SharpZipLib.dll
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\iBryteDesktop.exe.config
- <LS_APPDATA>\iBryte\Implementations\browseforchange\ProgramFiles\iBryteDesktop.exe
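Перемещение (переименование) файлов; судя по формату, эта и следующая записи имеют вид «исходный путь в новый путь»:
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch в %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2856.97640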
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch в %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2856.97578
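Сетевая активность: подключение к узлу по порту 80, далее обращения к /impression.do и DNS-запросы; символы # в адресах, по-видимому, обозначают часть имени, замаскированную в исходном отчёте:
- 'im#.###wseforchange.com':80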
- im#.###wseforchange.com/impression.do/?ev################################################################################################################################################
- im#.###wseforchange.com/impression.do/?ev#######################################################################################################################################
- DNS ASK lo####g.jn3jokm.com
- DNS ASK lo######ncer.jn3jokm.com
- DNS ASK im#.###wseforchange.com
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''