Техническая информация
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SOFTWARE\Classes\CLSID\{77708248-f839-436b-8919-527c410f48b8}\shell\open\command] '' = '<SYSTEM32>\mycap.exe'
- %TEMP%\mycap\4.1.exe
- <SYSTEM32>\grpconv.exe -o
- <SYSTEM32>\mshta.exe vbscript:CreateObject("Wscript.Shell").popup("摄像头标志已成功添加进计算机中！",0,"йОБAёлгв|",64)(window.close)
- <SYSTEM32>\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 .\05.inf
- <SYSTEM32>\runonce.exe -r
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %TEMP%\mycap\mycap.exe
- <SYSTEM32>\mycap.exe
- %TEMP%\~4.BAT
- %TEMP%\aut3.tmp
- %TEMP%\mycap\05.inf
- %TEMP%\aut1.tmp
- %TEMP%\mycap\4.1.exe
- %TEMP%\aut2.tmp
- %TEMP%\~4.BAT
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''