Техническая информация
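- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{937887FE-6DE6-1E2C-57EB-44BF1226E8F2}] 'StubPath' = '<SYSTEM32>\cmd.exe /c <SYSTEM32>\mag_hook.exe /i' (автозапуск через механизм Active Setup: команда из StubPath выполняется при входе пользователя в систему, если в его разделе HKCU нет записи об этом компоненте)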
- <SYSTEM32>\lzexpand.exe
- <SYSTEM32>\mag_hook.exe
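- <SYSTEM32>\reg.exe delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{937887FE-6DE6-1E2C-57EB-44BF1226E8F2}" /f (удаляет запись компонента из HKCU; по-видимому, чтобы StubPath из HKLM выполнялся повторно при следующем входе пользователя)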
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\_deleteme.bat
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\_Setup.bat
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{937887FE-6DE6-1E2C-57EB-44BF1226E8F2}" /v StubPath /t REG_SZ /d "<SYSTEM32>\cmd.exe /c <SYSTEM32>\mag_hook.exe /i" /f
- <SYSTEM32>\mciavi32.nls
- <SYSTEM32>\mcastmib.cpl
- <SYSTEM32>\mapi32.exe
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- <SYSTEM32>\lzexpand.exe
- <SYSTEM32>\_Setup.bat
- <SYSTEM32>\c_l8727.nls
- <SYSTEM32>\mag_hook.exe
- <SYSTEM32>\mcd32.nls
- <SYSTEM32>\_deleteme.bat
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
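- 'vd####.homeunix.net':80 (homeunix.net — домен службы динамического DNS, поэтому IP-адрес узла может меняться; для обнаружения надёжнее опираться на имя узла, а не на адрес)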
- '<IP-адрес в локальной сети>':80
- vd####.homeunix.net/config.asp?id#########
- <IP-адрес в локальной сети>
- DNS ASK vd####.homeunix.net
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-bf4.bf8.3b0001'