Техническая информация
Записи реестра (автозапуск через RunOnce и служба драйвера tccp):
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\System\CurrentControlSet\Services\tccp] 'ImagePath' = 'system32\DRIVERS\tccp.sys'
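Пути к файлам (заголовки подразделов в тексте не сохранились; повторяющиеся ниже записи, вероятно, относятся к разным подразделам — уточнить по исходному отчёту):
- %TEMP%\tccp.log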
- %WINDIR%\syswow64\autorun_dvd_32.exe
- %TEMP%\tccp.sys
- %TEMP%\tccp.inf
- %TEMP%\tccp.cat
- %TEMP%\tccpx64.exe
- <DRIVERS>\sete17d.tmp
- %WINDIR%\temp\udde5f2.tmp
- %WINDIR%\temp\uddf0d0.tmp
- %WINDIR%\temp\uddf93d.tmp
- %WINDIR%\temp\udd10e.tmp
- %WINDIR%\temp\udd8df.tmp
- %WINDIR%\temp\udd10b0.tmp
- %WINDIR%\temp\udde5f2.tmp
- %WINDIR%\temp\uddf0d0.tmp
- %WINDIR%\temp\uddf93d.tmp
- %WINDIR%\temp\udd10e.tmp
- %WINDIR%\temp\udd8df.tmp
- %WINDIR%\temp\udd10b0.tmp
- из <DRIVERS>\sete17d.tmp в <DRIVERS>\tccp.sys
Командные строки процессов:
- '%TEMP%\tccpx64.exe'
- '<SYSTEM32>\runonce.exe' -r
- '<SYSTEM32>\grpconv.exe' -o