Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{EB4C8BC9-653A-44AB-875B-F3F1B9DA5C39}] 'stubpath' = ''
- <SYSTEM32>\hdada\FunStudio.exe
- <SYSTEM32>\hdada\ISS.EXE
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:"%TEMP%\RES2.tmp"" ""%TEMP%\vbc1.tmp""
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\w9myffhi.cmdline"
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\vbc1.tmp
- %TEMP%\w9myffhi.out
- %TEMP%\RES2.tmp
- <SYSTEM32>\hdada\net.exe
- %TEMP%\w9myffhi.dll
- <SYSTEM32>\hdada\FunStudio.exe
- %TEMP%\sfx.ini
- <SYSTEM32>\hdada\ISS.EXE
- %TEMP%\w9myffhi.cmdline
- %TEMP%\w9myffhi.0.vb
- <SYSTEM32>\hdada\net.exe
- %TEMP%\w9myffhi.dll
- %TEMP%\w9myffhi.cmdline
- %TEMP%\w9myffhi.out
- %TEMP%\w9myffhi.0.vb
- %TEMP%\sfx.ini
- %TEMP%\RES2.tmp
- %TEMP%\vbc1.tmp
- 'localhost':81
- 'mh###.myftp.org':81
- DNS ASK mh###.myftp.org
- ClassName: 'Shell_TrayWnd' WindowName: ''