Техническая информация
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SYSTEM\ControlSet001\Services\myTest] 'Start' = '00000002'
- <SYSTEM32>\grpconv.exe -o
- <SYSTEM32>\runonce.exe -r
- <SYSTEM32>\rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 %PROGRAM_FILES%\DAEMON Tools Lite\inetsvr.inf
- %PROGRAM_FILES%\DAEMON Tools Lite\sysinfo.ini
- %PROGRAM_FILES%\DAEMON Tools Lite\1.exe
- %PROGRAM_FILES%\DAEMON Tools Lite\f.log
- %PROGRAM_FILES%\DAEMON Tools Lite\mstdc.exe
- %PROGRAM_FILES%\DAEMON Tools Lite\inetsvr.inf
- %TEMP%\E_N4\internet.fne
- %TEMP%\E_N4\krnln.fnr
- %PROGRAM_FILES%\DAEMON Tools Lite\ctfnom.exe
- %TEMP%\E_N4\eAPI.fne
- 'mo####5.3322.org':80
- 'www.dd##n.com':80
- mo####5.3322.org/1.txt
- www.dd##n.com/???###########
- DNS ASK mo####5.3322.org
- DNS ASK www.dd##n.com
- '<IP-адрес в локальной сети>':1035