Техническая информация
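- [<HKLM>\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command] '' = '<SYSTEM32>\System_Volume_Information.exe' (CLSID {20D04FE0-3AEA-1069-A2D8-08002B30309D} — объект оболочки «Мой компьютер»; в качестве значения по умолчанию команды open задан указанный файл, поэтому он запускается при открытии «Моего компьютера»)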
- <Имя диска съемного носителя>:\desktop.ini
- <SYSTEM32>\reg.exe ADD "HKCU\Control Panel\Desktop" /V WallpaperStyle /T REG_SZ /F /D 0
- <SYSTEM32>\reg.exe ADD "HKCU\Control Panel\Desktop" /V Wallpaper /T REG_SZ /F /D "<SYSTEM32>\E1info.bmp"
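- <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /V NoDispBackgroundPage /T REG_DWORD /F /D 1 (политика NoDispBackgroundPage = 1 скрывает страницу настройки фона рабочего стола, что мешает пользователю вернуть прежние обои штатными средствами)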
- <SYSTEM32>\reg.exe ADD "HKCU\Control Panel\Desktop" /V StretchWallpaper /T REG_SZ /F /D 2
- <SYSTEM32>\rundll32.exe user32.dll, UpdatePerUserSystemParameters
- %WINDIR%\explorer.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\System_Volume_Information.cmd" <Текущая директория>\"
- <SYSTEM32>\reg.exe add "HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Explore\command" /ve /f /d "<SYSTEM32>\System_Volume_Information.exe"
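- <SYSTEM32>\reg.exe add "HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command" /ve /f /d "<SYSTEM32>\System_Volume_Information.exe" (HKEY_CLASSES_ROOT — объединённое представление HKLM\SOFTWARE\Classes и HKCU\Software\Classes; по-видимому, именно эта команда создаёт значение в HKLM\SOFTWARE\Classes, указанное в начале списка; при проверке системы следует смотреть обе команды — open и Explore — для этого CLSID)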
- <SYSTEM32>\E1info.bmp
- C:\desktop.ini
- %TEMP%\1.tmp\System_Volume_Information.cmd
- %TEMP%\1.tmp\GTR1.ini
- ClassName: '' WindowName: 'GINA Logon' (по-видимому, параметры поиска окна: имя класса не задано, заголовок окна — «GINA Logon»)
- ClassName: '' WindowName: ''