Техническая информация
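- '<SYSTEM32>\reg.exe' add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoDesktop /t REG_DWORD /d 1 /f (в записи пути нет обратных косых черт; по-видимому, имеется в виду раздел HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer)
- '<SYSTEM32>\reg.exe' add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRestrictRun /v 1 /t REG_DWORD /d %WINDIR%explorer.exe /f (в записи нет обратных косых черт; по-видимому, имеются в виду HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun и %WINDIR%\explorer.exe)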
- '<SYSTEM32>\wermgr.exe' "-outproc" "852" "4100"
- '<SYSTEM32>\taskkill.exe' /f /im explorer.exe
- '<SYSTEM32>\msg.exe' * "Ха-ха-ха" (в отчёте строка отображается как «╒р-їр-їр»: текст в кодировке CP1251, прочитанный как CP866)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1C94.tmp\Prikol).bat""
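- '<SYSTEM32>\reg.exe' add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 1 /f (в записи пути нет обратных косых черт; по-видимому, имеется в виду раздел HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System)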
- '<SYSTEM32>\rundll32.exe' user32, SwapMouseButton
- %WINDIR%\Temp\OutofProcReport1080109.txt
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.6.7600.256_d2caf64b7dbca2d781154d2562964c262846251_cab_0df07973\Report.wer
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_80072f78_805ff6e6daf5fedbb13daf2b1d56b5cbd7ea195_cab_0d7c7187\client_manifest.txt
- %TEMP%\1C94.tmp\Prikol).bat
- %WINDIR%\SoftwareDistribution\DataStore\Logs\tmp.edb
- %WINDIR%\Temp\OutofProcReport1080109.txt
- %TEMP%\1C94.tmp\Prikol).bat
- '20#.#6.232.182':80
- 'download.windowsupdate.com':80
- 20#.#6.232.182/fwlink/?Li######################################################################################################
- DNS ASK www.up####.microsoft.com
- DNS ASK go.###rosoft.com
- DNS ASK download.windowsupdate.com
- DNS ASK do#####d.microsoft.com
- ClassName: '' WindowName: ''