Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Net Framework' = '%APPDATA%\Net Framework.exe'
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
- %TEMP%\tqykh4dl.out
- %TEMP%\tqykh4dl.cmdline
- %TEMP%\vbc1.tmp
- %TEMP%\RES3.tmp
- %TEMP%\vbc2.tmp
- %APPDATA%\Net Framework.exe
- %TEMP%\NZMONFu.txt
- %TEMP%\6925.exe
- %TEMP%\tqykh4dl.0.vb
- %APPDATA%\VgZblRvZ.exe
- %APPDATA%\Net Framework.exe
- <Полный путь к файлу>
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk в %APPDATA%\ZuiGGjjtnxDp\htYBxGgZ\Launch Internet Explorer Browser.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
- 'localhost':333
- 'ma#####tos.zapto.org':333
- DNS ASK ma#####tos.zapto.org
- ClassName: 'NirSoft_IPNetInfo' WindowName: ''
- ClassName: 'CurrPorts' WindowName: ''
- '%TEMP%\6925.exe'
- '%APPDATA%\Net Framework.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\tqykh4dl.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3.tmp" "%TEMP%\vbc2.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "Net Framework" /tr "%APPDATA%\Net Framework.exe"