Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe, wscript.exe C:\drivers\FaceBook.wsf'
- %HOMEPATH%\Start Menu\Programs\Startup\My Documents.lnk
- %WINDIR%!\ss.doc
- C:\drivers\rar.zip
- %TEMP%\Temporary Directory 1 for rar.zip\FaceBook.wsf
- C:\drivers\FaceBook.wsf
- C:\drivers\rar.zip
- ClassName: 'WordPadClass' WindowName: ''
- '<SYSTEM32>\cscript.exe' C:\drivers\FaceBook.wsf
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "%WINDIR%!\ss.doc"