Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\svhost.exe.vbs.lnk
- %WINDIR%\cursors\maze.exe
- %WINDIR%\cursors\penis1.ani
- %WINDIR%\cursors\svhost.exe.vbs
- %WINDIR%\cursors\vshost.exe.bat
- %WINDIR%\cursors\ggg.ico
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\cursors\maze.exe'
- '%WINDIR%\syswow64\wscript.exe' "%WINDIR%\Cursors\svhost.exe.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\Cursors\vshost.exe.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c color 0E
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\Cursors\vshost.exe.bat" "
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Control Panel\Cursors" /v Wait /t REG_EXPAND_SZ /d "%WINDIR%\cursors\penis1.ani" /f
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Control Panel\Cursors" /v Arrow /t REG_EXPAND_SZ /d "%WINDIR%\cursors\penis1.ani" /f