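Техническая информация
Примечание: ниже перечислены артефакты образца — ключи реестра, пути к файлам, командные строки процессов и параметры окна (ClassName/WindowName). Заголовки подразделов в этой копии не сохранились, поэтому по самому списку нельзя определить, какие файлы создавались, а какие удалялись; повторяющиеся пути (например, %TEMP%\tmp8.tmp и %WINDIR%\Temp\scs6.tmp), вероятно, относятся к разным подразделам. Обозначения вида %TEMP%, %HOMEPATH%, %WINDIR% и <SYSTEM32> — подстановки, которые при поиске на конкретной системе нужно раскрывать в реальные пути. wmic.exe, cmd.exe и ntvdm.exe — штатные компоненты Windows, поэтому значимы здесь аргументы запуска, а не сами исполняемые файлы.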
- [<HKLM>\SOFTWARE\Classes\odfile\shell\open\command] '' = 'explorer /n,"%PROGRAM_FILES%\T%H"'
- [<HKLM>\SOFTWARE\Classes\omfile\shell\open\command] '' = 'explorer /n,"%PROGRAM_FILES%\%H"'
- %TEMP%\nsv4.tmp\ns5.tmp c:\1155.bat
- %HOMEPATH%\Templates\zxc1151.exe
- <SYSTEM32>\wbem\wmic.exe userAccount where "Name='%USERNAME%'" get SID /value
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\cmd.exe /c c:\1155.bat
- [<HKCU>\Software\FlashFXP]
- %WINDIR%\Temp\scs6.tmp
- %HOMEPATH%\Templates\kksetup.exe
- %TEMP%\nsv4.tmp\ns5.tmp
- %TEMP%\tmp9.tmp
- %TEMP%\tmp8.tmp
- %WINDIR%\Temp\scs7.tmp
- %TEMP%\nsv4.tmp\nsExec.dll
- %HOMEPATH%\Templates\win135111.txt
- %HOMEPATH%\Templates\mast.exe
- %TEMP%\nsy2.tmp\System.dll
- C:\1155.bat
- %TEMP%\nsv4.tmp\System.dll
- %HOMEPATH%\Templates\a.bat
- %WINDIR%\Temp\scs7.tmp
- %TEMP%\tmp8.tmp
- %TEMP%\nsy2.tmp\System.dll
- %WINDIR%\Temp\scs6.tmp
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b34.b38.380002'