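## Техническая информация

Примечание: подзаголовки разделов в этом списке, по-видимому, утрачены при извлечении текста, поэтому записи о реестре, запускаемых процессах, файлах и окнах идут подряд, а некоторые пути повторяются. Обозначения вида `%TEMP%`, `%HOMEPATH%`, `<SYSTEM32>` — подстановки для каталогов. SID в команде `reg.exe` и имена временных файлов (`nso4.tmp`, `tmp8.tmp` и т. п.), вероятно, относятся к конкретной тестовой системе, поэтому как самостоятельные индикаторы они малопригодны.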
- [<HKLM>\SOFTWARE\Classes\odfile\shell\open\command] '' = 'explorer /n,"%PROGRAM_FILES%\T%H"'
- [<HKLM>\SOFTWARE\Classes\opfile\shell\open\command] '' = 'explorer /n,"%PROGRAM_FILES%\%H"'
- %TEMP%\nso4.tmp\ns5.tmp c:\2719.bat
- %HOMEPATH%\Templates\xyz2717.exe
- <SYSTEM32>\wbem\wmic.exe userAccount where "Name='%USERNAME%'" get SID /value
- <SYSTEM32>\reg.exe add HKCU\Software\sid\ /v Sid /d S-1-5-21-2052111302-484763869-725345543-1003 /f
- <SYSTEM32>\cmd.exe /c c:\2719.bat
- <SYSTEM32>\ntvdm.exe -f -i1
- [<HKCU>\Software\FlashFXP]
- %TEMP%\tmp8.tmp
- %TEMP%\tmp9.tmp
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs7.tmp
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %HOMEPATH%\Templates\TempWmicBatchFile.bat
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %TEMP%\tmpA.tmp
- %HOMEPATH%\Templates\kksetup.exe
- %HOMEPATH%\Templates\win101727.txt
- %HOMEPATH%\Templates\a.bat
- %TEMP%\nsr2.tmp\System.dll
- %HOMEPATH%\Templates\install.exe
- %TEMP%\nso4.tmp\nsExec.dll
- %TEMP%\nso4.tmp\ns5.tmp
- %TEMP%\nso4.tmp\System.dll
- C:\2719.bat
- %TEMP%\tmp8.tmp
- %TEMP%\tmp9.tmp
- %TEMP%\tmpA.tmp
- %TEMP%\nsr2.tmp\System.dll
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs7.tmp
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b44.b48.380002'