Техническая информация
- изменяет настройки отображения скрытых файлов
- %TEMP%\ixp000.tmp\superhidden.cmd
- %TEMP%\tmp.vbs
- %TEMP%\tmp.vbs
- %TEMP%\ixp000.tmp\superhidden.cmd
- ClassName: '' WindowName: 'Program Manager'
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp.vbs"
- '<SYSTEM32>\cmd.exe' /c "SuperHidden.cmd" (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c "SuperHidden.cmd"
- '<SYSTEM32>\reg.exe' query "HKU\S-1-5-20"
- '<SYSTEM32>\reg.exe' query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden
- '<SYSTEM32>\find.exe' /i "1"
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 1 /f
- '<SYSTEM32>\reg.exe' add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t REG_DWORD /d "1" /f
- '<SYSTEM32>\reg.exe' add "HKCR\Directory\Background\Shell\ShowHidden" /ve /t REG_SZ /d "숨겨진 항목 표시(&Z)" /f (строка восстановлена из искажённой кодировки; корейский текст)
- '<SYSTEM32>\reg.exe' add "HKCR\Directory\Background\Shell\ShowHidden" /v "Icon" /t REG_SZ /d "<SYSTEM32>\imageres.dll,227" /f
- '<SYSTEM32>\reg.exe' add "HKCR\Directory\Background\Shell\ShowHidden" /v "Position" /t REG_SZ /d "Bottom" /f
- '<SYSTEM32>\reg.exe' add "HKCR\Directory\Background\Shell\ShowHidden\command" /ve /t REG_SZ /d "\"%WINDIR%\Cursors\Mouse menu\SuperHidden.exe\"" /f
- '<SYSTEM32>\timeout.exe' -t 1