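Техническая информация
Подзаголовки разделов в этой копии не сохранились. По порядку перечислены: значения реестра, командные строки, пути к файлам (часть путей повторяется — вероятно, они относились к разным подразделам исходного отчёта), сетевые адреса и запросы, классы окон.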
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
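- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa] 'DllName' = 'antiwpa.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa] 'Logon' = 'onLogon'
  (Подраздел в Winlogon\Notify регистрирует DLL как пакет уведомлений Winlogon: библиотека из значения 'DllName' загружается в процесс winlogon.exe, а функция, указанная в значении 'Logon', вызывается при входе пользователя в систему. При проверке системы стоит просмотреть все подразделы этого ключа.)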
- %WINDIR%\regedit.exe /s xpvl.reg
- <SYSTEM32>\runonce.exe -r
- <SYSTEM32>\grpconv.exe -o
- <SYSTEM32>\cmd.exe /c ""%TEMP%\RarSFX0\run.cmd" "
- <SYSTEM32>\regsvr32.exe /s antiwpa.dll
- <SYSTEM32>\rundll32.exe setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
- %TEMP%\RarSFX0\Genuine.url
- <SYSTEM32>\antiwpa.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\SuccessfulActivation[1].aspx
- %TEMP%\RarSFX0\xpvl.reg
- %TEMP%\RarSFX0\antiwpa.dll
- %TEMP%\RarSFX0\run.cmd
- %TEMP%\RarSFX0\run.cmd
- %TEMP%\RarSFX0\xpvl.reg
- %TEMP%\RarSFX0\antiwpa.dll
- %TEMP%\RarSFX0\Genuine.url
- '20#.#6.232.182':80
- 'localhost':1036
- 20#.#6.232.182/genuine/downloads/SuccessfulActivation.aspx?di###############################################################
- DNS ASK www.microsoft.com
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''