Техническая информация
- скрытых файлов
- расширений файлов
- %TEMP%\ixp000.tmp\fileext.cmd
- %TEMP%\tmp.vbs
- %TEMP%\tmp.vbs
- %TEMP%\ixp000.tmp\fileext.cmd
- ClassName: '' WindowName: 'Program Manager'
- '<SYSTEM32>\wscript.exe' "%TEMP%\tmp.vbs"
- '<SYSTEM32>\cmd.exe' /c "FileExt.cmd"' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c "FileExt.cmd"
- '<SYSTEM32>\reg.exe' query "HKU\S-1-5-20"
- '<SYSTEM32>\mode.com' con cols=100 lines=55
- '<SYSTEM32>\reg.exe' query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt
- '<SYSTEM32>\find.exe' /i "0x0"
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 0x0 /f
- '<SYSTEM32>\reg.exe' add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t REG_DWORD /d "1" /f
- '<SYSTEM32>\reg.exe' add "HKCR\Directory\Background\Shell\HideFile" /ve /t REG_SZ /d "╞─└╧ ╚В«└σ└┌ ╟Г‘╜├(&X)" /f
- '<SYSTEM32>\reg.exe' add "HKCR\Directory\Background\Shell\HideFile" /v "Icon" /t REG_SZ /d "<SYSTEM32>\imageres.dll,227" /f
- '<SYSTEM32>\reg.exe' add "HKCR\Directory\Background\Shell\HideFile" /v "Position" /t REG_SZ /d "Bottom" /f
- '<SYSTEM32>\reg.exe' add "HKCR\Directory\Background\Shell\HideFile" /v "SeparatorBefore" /t REG_SZ /d "" /f
- '<SYSTEM32>\reg.exe' add "HKCR\Directory\Background\Shell\HideFile\command" /ve /t REG_SZ /d "\"%WINDIR%\Cursors\Mouse menu\FileExt.exe\"" /f
- '<SYSTEM32>\rundll32.exe' USER32.DLL,UpdatePerUserSystemParameters