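Техническая информация
Примечание: заголовки групп в этом списке не сохранились. Судя по самим записям, он содержит значение автозапуска в ветке Run (его же добавляет вызов reg.exe ниже), командные строки запускаемых процессов, включая принудительное завершение taskmgr.exe и команды nircmdc, показывающие и скрывающие окна оболочки (shell_traywnd, CabinetWClass, SysListView32), пути к файлам в %TEMP% и %WINDIR% и параметры поиска окна с пустыми ClassName и WindowName. Какая операция относится к каждому пути файла (создание, удаление или изменение атрибутов), по списку определить нельзя.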
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'kasper' = '%WINDIR%\kasper.exe'
- %TEMP%\2.tmp\nircmdc.exe win show class shell_traywnd win hide class CabinetWClass win show class CabinetWClass win child class Progman hide class SysListView32 win child class Progman show class SysListView32 win hide class shell_traywnd
- %TEMP%\1.tmp\kasper.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\2.tmp\kasper.bat" "
- <SYSTEM32>\taskkill.exe /im taskmgr.exe /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\kasperskey.bat" "
- <SYSTEM32>\reg.exe add hklm\software\microsoft\windows\currentversion\run /v kasper /d %WINDIR%\kasper.exe /f
- %TEMP%\2.tmp\kasper.bat
- %WINDIR%\kasper.exe
- %TEMP%\2.tmp\nircmdc.exe
- %TEMP%\2.tmp\user32_100.ico
- %TEMP%\2.tmp\sttray_150.ico
- %TEMP%\1.tmp\kasper.exe
- %TEMP%\1.tmp\kasperskey.bat
- %TEMP%\1.tmp\4a5456a760a5b96eea922cf7506de982.jpg
- %TEMP%\1.tmp\15july.jpg
- %TEMP%\1.tmp\9d50c2273117dbefd9d9767bd4109e4b.jpg
- ClassName: '' WindowName: ''