Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa] 'Startup' = 'onStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'EasyKMS' = '%CommonProgramFiles%\EasyKMS\EasyKMS.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa] 'DllName' = 'AntiWPA.Dll'
- '<SYSTEM32>\grpconv.exe' -o
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\rundll32.exe' fldrclnr.dll,Wizard_RunDLL
- '<SYSTEM32>\runonce.exe' -r
- '%CommonProgramFiles%\EasyKMS\EasyKMS.exe' /1
- '<SYSTEM32>\regsvr32.exe' /s AntiWPA.Dll
- '<SYSTEM32>\rundll32.exe' setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\AntiWPA.Dll
- %CommonProgramFiles%\EasyKMS\temp\AntiWPA.Dll
- %CommonProgramFiles%\EasyKMS\EasyKMS.exe
- %CommonProgramFiles%\EasyKMS\temp\AntiWPA.Dll
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'BaseBar' WindowName: 'ChanApp'