Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] 'vidc.H264' = 'scaticodecvfw.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] 'vidc.DIVX' = 'scaticodecvfw.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] 'vidc.XVID' = 'scaticodecvfw.dll'
- '%TEMP%\RarSFX0\InstallScatiCodec.exe'
- '<SYSTEM32>\grpconv.exe' -o
- '<SYSTEM32>\runonce.exe' -r
- '<SYSTEM32>\rundll32.exe' setupapi,InstallHinfSection DefaultInstall 132 %TEMP%\RarSFX0\scaticodec.inf
- %WINDIR%\inf\oem3.inf
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %WINDIR%\inf\oem3.PNF
- <SYSTEM32>\SET6.tmp
- %WINDIR%\inf\SET5.tmp
- %TEMP%\RarSFX0\Scati01.ico
- %TEMP%\RarSFX0\InstallScatiCodec.exe
- %TEMP%\RarSFX0\scaticodecvfw.dll
- %APPDATA%\Microsoft\Protect\CREDHIST
- %TEMP%\RarSFX0\scaticodec.inf
- %TEMP%\RarSFX0\Scati01.ico
- %TEMP%\RarSFX0\scaticodecvfw.dll
- %TEMP%\RarSFX0\scaticodec.inf
- %TEMP%\RarSFX0\InstallScatiCodec.exe
- <SYSTEM32>\SET6.tmp в <SYSTEM32>\scaticodecvfw.dll
- %WINDIR%\inf\SET5.tmp в %WINDIR%\inf\scaticodec.inf
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''