Техническая информация
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SYSTEM\ControlSet001\Services\15236775] 'ImagePath' = '<SYSTEM32>\15236775\svhost.exe' (имя файла — «svhost.exe», а не системное «svchost.exe»)
- [<HKLM>\SYSTEM\ControlSet001\Services\15236775] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\grpconv.exe' -o
- '<SYSTEM32>\15236775\svhost.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\\win.bat
- '<SYSTEM32>\cmd.exe' /c rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 <SYSTEM32>\15236775.inf
- '<SYSTEM32>\rundll32.exe' setupapi,InstallHinfSection DefaultInstall 128 <SYSTEM32>\15236775.inf
- '<SYSTEM32>\runonce.exe' -r
- %ProgramFiles%\1.txt
- %ALLUSERSPROFILE%\Application Data\15236775.dll
- %HOMEPATH%\Cookies\154953na.t
- <SYSTEM32>\15236775.m_rmvb.bat
- <SYSTEM32>\15236775.r_rmvb.bat
- %TEMP%\win
- <SYSTEM32>\15236775\svhost.exe
- <SYSTEM32>\15236775aa.inf
- <SYSTEM32>\15236775.inf
- <SYSTEM32>\15236775id.dll.temp.tlb
- %HOMEPATH%\Cookies\128796na.t
- <SYSTEM32>\15236775id.dll.right.tlb
- <SYSTEM32>\15236775id.dll.move.tlb
- %ProgramFiles%\1.txt
- из %TEMP%\win в %TEMP%\win.bat
- '24####093.3322.org':8888
- DNS ASK 24####093.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''