Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{EB4C8BC9-653A-44AB-875B-F3F1B9DA5C39}] 'stubpath' = ''
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:"%TEMP%\RES2.tmp"" ""%TEMP%\vbc1.tmp""
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\0kgvxyi6.cmdline"
- <SYSTEM32>\svchost.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\RES2.tmp
- %TEMP%\0kgvxyi6.dll
- <SYSTEM32>\hdada\net.exe
- %TEMP%\vbc1.tmp
- %TEMP%\0kgvxyi6.0.vb
- %TEMP%\0kgvxyi6.cmdline
- %TEMP%\0kgvxyi6.out
- <SYSTEM32>\hdada\net.exe
- %TEMP%\0kgvxyi6.cmdline
- %TEMP%\0kgvxyi6.out
- %TEMP%\0kgvxyi6.dll
- %TEMP%\RES2.tmp
- %TEMP%\vbc1.tmp
- %TEMP%\0kgvxyi6.0.vb
- 'localhost':81
- 'mh###.myftp.org':81
- DNS ASK mh###.myftp.org