Техническая информация
- [<HKLM>\SOFTWARE\Classes\VBSFile\Shell\Open\Command] '' = ''
- [<HKLM>\SOFTWARE\Classes\WSFFile\Shell\Open\Command] '' = ''
- [<HKLM>\SOFTWARE\Classes\VBEFile\Shell\Open\Command] '' = ''
- [<HKLM>\SOFTWARE\Classes\JSFile\Shell\Open\Command] '' = ''
- [<HKLM>\SOFTWARE\Classes\JSEFile\Shell\Open\Command] '' = ''
- скрытых файлов
- <SYSTEM32>\findstr.exe /n .* ".\GTOOLS\GREEN.SVR"
- <SYSTEM32>\findstr.exe /I "REGEDIT4"
- <SYSTEM32>\ping.exe 127.0.0.1 -n 1
- <SYSTEM32>\cscript.exe //nologo "%TEMP%\Temp.vbs"
- <SYSTEM32>\net1.exe user "%USERNAME%"
- <SYSTEM32>\find.exe /I "%USERNAME%s"
- <SYSTEM32>\mode.com con cols=20 lines=1
- <SYSTEM32>\reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /V "CheckedValue" /T "REG_DWORD" /D "0" /F
- <SYSTEM32>\find.exe "4.1"
- <SYSTEM32>\mode.com con cols=70 lines=20
- <SYSTEM32>\chcp.com
- <SYSTEM32>\cscript.exe /h:cscript
- %TEMP%\Temp.vbs
- %TEMP%\CPATH.BAT
- %TEMP%\bt8632.bat
- %TEMP%\bt8632.bat
- %TEMP%\CPATH.BAT
- ClassName: 'Shell_TrayWnd' WindowName: ''