Техническая информация
- [<HKLM>\SYSTEM\ControlSet003\Services\ghhmvy] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet002\Services\ghhmvy] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\ghhmvy] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k ghhmvy
- <SYSTEM32>\vbcncw.dll
- <SYSTEM32>\00052add.sys
- 'www.on##dor.com':53
- DNS ASK www.on##dor.com