Техническая информация
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- '<SYSTEM32>\net1.exe' start xtfilemon
- '<SYSTEM32>\net.exe' start xtfilemon
- '<SYSTEM32>\rundll32.exe' C:/WINDOWS/t09L3W8/t5bD1TT.dll,DllLoad dHlwZTpwMnAgcGF0aDogZnVuY25hbWU6QDcxIHBhcmFtOmMyaHRjR3hoZERwME1FRlFWemd3WTJwNmFTQndkR3hrYkd3NlF6b3ZWMGxPUkU5WFV5OTBNRGxNTTFjNEwzUTFZa1F4VkZRdVpHeHNJSEIwYk...
- '<SYSTEM32>\grpconv.exe' -o
- '<SYSTEM32>\rundll32.exe' C:/WINDOWS/t09L3W8/t5bD1TT.dll,DllLoadX dHlwZTpwMnAgcGF0aDogZnVuY25hbWU6QDc1IHBhcmFtOg==
- '<SYSTEM32>\rundll32.exe' C:/WINDOWS/t09L3W8/t5bD1TT.dll,DllLoad dHlwZTpwMnAgcGF0aDogZnVuY25hbWU6QDcxIHBhcmFtOg==
- '<SYSTEM32>\runonce.exe' -r
- '<SYSTEM32>\rundll32.exe' syssetup,SetupInfObjectInstallAction DefaultInstall 128 C:/WINDOWS/system32/drivers/xtfilemon.inf
- %WINDIR%\Explorer.EXE
- <DRIVERS>\xtfilemon.sys
- <DRIVERS>\xtfilemon.inf
- C:\xscp.txt
- <DRIVERS>\blackList.base
- %WINDIR%\t09L3W8\t5bD1TT.dll
- %WINDIR%\t09L3W8\u9ckg18.dll
- %WINDIR%\SBYQDLP\sccon0987.txt
- 'cd#.#2ptool.com':80
- 'np##.#oomeng.com':80
- 'www.qq.com':80
- 'localhost':1039
- http://np##.#oomeng.com/bmy/?us################################################
- http://cd#.#2ptool.com/p2p/black.txt
- DNS ASK cd#.#2ptool.com
- DNS ASK np##.#oomeng.com
- DNS ASK www.ba##u.com
- DNS ASK www.qq.com
- ClassName: 'Progman' WindowName: ''