Техническая информация
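Изменения в реестре для автозапуска (значения ключа Policies\Explorer\Run выполняются при входе пользователя в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Explorer' = '<SYSTEM32>\Explorer.vbs'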
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Explorer' = '"<SYSTEM32>\Explorer.vbs"'
Связанные с образцом файлы в <SYSTEM32>:
- <SYSTEM32>\2.jpg
- <SYSTEM32>\12.ico
- <SYSTEM32>\comman.bat
- <SYSTEM32>\Explorer.vbs
- <SYSTEM32>\url.reg
- <SYSTEM32>\1.vbs
Окна (имя класса и заголовок):
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
Запускаемые процессы (командные строки):
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\1.vbs"
- '<SYSTEM32>\reg.exe' add "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /v "" /d "\"%ProgramFiles%\Internet Explorer\IEXPLORE.EXE\" http://12#.#x00.com/" /f
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "Explorer" /d "<SYSTEM32>\Explorer.vbs" /f
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen <SYSTEM32>\2.jpg
- '%WINDIR%\regedit.exe' /s url.reg
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\comman.bat" "