Техническая информация: значения реестра, пути к файлам, класс окна и командные строки
- [<HKLM>\SOFTWARE\Classes\.bat] '' = 'batfile'
- [<HKLM>\SOFTWARE\Classes\batfile\shell\open\command] '' = '%1 %*'
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\run.bat
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\Mainpr.exe
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\nircmdc.exe
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\hosts
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\fixR1.0.reg
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\NoAuto.reg
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\passs.vbs
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\Protected.vbs
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\Thanks.vbs
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\passs.vbs
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\Protected.vbs
- %WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\Thanks.vbs
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\nircmdc.exe' regdelval "hkcu\software\policies\microsoft\windows\system" "disablecmd"
- '%WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\nircmdc.exe' regsetval sz "HKEY_CLASSES_ROOT\.bat" "" "batfile"
- '%WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\nircmdc.exe' regsetval sz "HKEY_CLASSES_ROOT\batfile\shell\open\command" "" "%1 %*"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Temp\{5931BE23-EAAA-48B7-8H1-B74FE596EA6E}\run.bat" "