Техническая информация
- [<HKLM>\SOFTWARE\Classes\VBSFile\Shell\Open\Command] '' = '<SYSTEM32>\CScript.exe "%1" %*'
- [<HKLM>\SOFTWARE\Classes\WSFFile\Shell\Open\Command] '' = '<SYSTEM32>\CScript.exe "%1" %*'
- [<HKLM>\SOFTWARE\Classes\VBEFile\Shell\Open\Command] '' = '<SYSTEM32>\CScript.exe "%1" %*'
- [<HKLM>\SOFTWARE\Classes\JSFile\Shell\Open\Command] '' = '<SYSTEM32>\CScript.exe "%1" %*'
- [<HKLM>\SOFTWARE\Classes\JSEFile\Shell\Open\Command] '' = '<SYSTEM32>\CScript.exe "%1" %*'
- скрытых файлов
- '<SYSTEM32>\cscript.exe' /h:cscript
- '<SYSTEM32>\mode.com' con cols=20 lines=1
- '<SYSTEM32>\chcp.com'
- '<SYSTEM32>\cmd.exe' /c CHCP
- '<SYSTEM32>\cmd.exe' /S /D /c" VER"
- '<SYSTEM32>\cmd.exe' /c %TEMP%\bt5725.bat
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /V "CheckedValue" /T "REG_DWORD" /D "0" /F
- '<SYSTEM32>\find.exe' "4.1"
- %TEMP%\bt5725.bat
- %TEMP%\bt5725.bat