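Техническая информация

Заголовки подразделов в этом фрагменте не сохранились. Ниже по порядку идут: запись автозапуска в ветке Run текущего пользователя (параметр 'Explorer-inf'), командные строки запускаемых процессов, пути к файлам и классы окон. Пути в C:\batch\ и %TEMP%\1.tmp\ повторяются: вероятно, они относились к разным подразделам (например, к созданию и удалению файлов), но по самой странице это установить нельзя. При проверке системы наиболее показательны параметр 'Explorer-inf' в ветке Run, а также каталог batch и файлы в C:\batch\, которым команды attrib присваивают атрибуты «скрытый», «только чтение» и «системный».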
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Explorer-inf' = 'C:\batch\runh.exe C:\batch\info.bat'
- C:\batch\runh.EXE info.bat
- <SYSTEM32>\reg.exe ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Explorer-inf /t REG_SZ /d "C:\batch\runh.exe C:\batch\info.bat"
- <SYSTEM32>\rundll32.exe shimgvw.dll,ImageView_Fullscreen C:\batch\microsoft_random_as_picture.png
- <SYSTEM32>\ftp.exe -i -s:ftp.txt
- <SYSTEM32>\ping.exe -n 40 127.0.0.1
- <SYSTEM32>\attrib.exe +h +r +s batch
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\copy.bat" "<Текущая директория>\""
- <SYSTEM32>\attrib.exe +h +r +s C:\batch\*.*
- <SYSTEM32>\xcopy.exe /q /y /e /c /i "%TEMP%\1.tmp" C:\batch\
- %HOMEPATH%\Recent\microsoft_random_as_picture.lnk
- C:\batch\runh.EXE
- C:\batch\microsoft_random_as_picture.png
- C:\batch\ftp.txt
- C:\batch\vic-pc\10044.txt
- %HOMEPATH%\Recent\batch.lnk
- %TEMP%\1.tmp\microsoft_random_as_picture.png
- %TEMP%\1.tmp\info.bat
- %TEMP%\1.tmp\copy.bat
- C:\batch\info.bat
- C:\batch\copy.bat
- %TEMP%\1.tmp\runh.EXE
- C:\batch\microsoft_random_as_picture.png
- C:\batch\runh.EXE
- C:\batch\copy.bat
- C:\batch\info.bat
- %TEMP%\1.tmp\runh.EXE
- %TEMP%\1.tmp\copy.bat
- %TEMP%\1.tmp\info.bat
- %TEMP%\1.tmp\microsoft_random_as_picture.png
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''