Техническая информация
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = 'file:%WINDIR%\362.VBS'
- %PROGRAM_FILES%\%Program Files%\laass.exe setupapi,InstallHinfSection DefaultInstall 128 %PROGRAM_FILES%\%Program Files%\inst.inf Wdcp.dll main
- <SYSTEM32>\grpconv.exe -o
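- <SYSTEM32>\xcopy.exe /e /y "%PROGRAM_FILES%\%Program Files%\启动" "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" (имена каталогов восстановлены из кодировки GBK; целевой путь — общая для всех пользователей папка автозагрузки «Главное меню\Программы\Автозагрузка» в китайской локализации Windows)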
- <SYSTEM32>\runonce.exe -r
- <SYSTEM32>\wscript.exe "%PROGRAM_FILES%\%Program Files%\363.VBS"
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\%Program Files%\Cest.bat" "
- %PROGRAM_FILES%\%Program Files%\inst.inf
- %PROGRAM_FILES%\%Program Files%\Cest.bat
- %PROGRAM_FILES%\%Program Files%\Wdcp.dll
- %PROGRAM_FILES%\%Program Files%\启动\congqi.bat
- %WINDIR%\362.vbs
- %WINDIR%\best.bat
- %PROGRAM_FILES%\%Program Files%\363.VBS
- %PROGRAM_FILES%\%Program Files%\laass.exe
- 'ki####01.3322.org':19820
- DNS ASK ki####01.3322.org
- '<IP-адрес в локальной сети>':1036