Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Runonce] 'kissy' = '%ALLUSERSPROFILE%\Application Data\settpe.exe'
- скрытых файлов
- расширений файлов
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 00000000 /f
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 00000001 /f
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t reg_dword /d 00000000 /f
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 00000000 /f
- <SYSTEM32>\reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t reg_dword /d 00000000 /f
- %WINDIR%\regedit.exe /S "%HOMEPATH%\Local Settings\Temp.\DefOpen.reg"
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 00000000 /f
- %TEMP%\DefOpen.reg
- %TEMP%\bt18775.bat
- %TEMP%\bt18775.bat
- %TEMP%\bt18775.bat
- %TEMP%\DefOpen.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''