Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunServices] 'Group Settings.exe' = '%ALLUSERSPROFILE%\Application Data\Group Settings.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunServices\once] 'Group Settings.exe' = '%ALLUSERSPROFILE%\Application Data\Group Settings.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Group Settings.exe' = '%ALLUSERSPROFILE%\Application Data\Group Settings.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Group Settings.exe' = '%ALLUSERSPROFILE%\Application Data\Group Settings.exe'
- отображение скрытых файлов
- отображение расширений файлов
- '%ALLUSERSPROFILE%\Application Data\Group Settings.exe' /D:"<Полный путь к файлу>"
- '<SYSTEM32>\gpupdate.exe'
- '<SYSTEM32>\mobsync.exe'
- <SYSTEM32>\ctfmon.exe
- AVP32.EXE
- %ALLUSERSPROFILE%\Application Data\5fde141b342688efaa02e0bff1997b65
- %ALLUSERSPROFILE%\Application Data\Group Settings.exe
- %ALLUSERSPROFILE%\Application Data\Group Settings.exe
- DNS ASK google.com
- DNS ASK re####progress.ru
- ClassName: 'Shell_TrayWnd' WindowName: ''