Техническая информация
- [<HKLM>\SOFTWARE\Classes\scriptletfile\Shell\Open\command] '' = '"%WINDIR%\NOTEPAD.EXE" "%1"'
- '<SYSTEM32>\cscript.exe' "%TEMP%\51872572.js"
- '<SYSTEM32>\net1.exe' session
- '<SYSTEM32>\regsvr32.exe' /s /i:"%APPDATA%\SURL.wsc" "<SYSTEM32>\scrobj.dll"
- '<SYSTEM32>\net.exe' session
- '<SYSTEM32>\cmd.exe' /c tasklist
- '<SYSTEM32>\tasklist.exe'
- %APPDATA%\SURL.wsc
- %APPDATA%\update.js
- %TEMP%\51872572.js
- %HOMEPATH%\runit.js
- ClassName: 'MS_WINHELP' WindowName: ''