Техническая информация
- '%TEMP%\ConsExt.exe' /event
- '%TEMP%\bschk.exe' /nt60 sys
- '%TEMP%\ConsExt.exe' /crv 0
- '<SYSTEM32>\find.exe' ":"
- '<SYSTEM32>\find.exe' "\\"
- '<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName
- '<SYSTEM32>\chcp.com' 936
- '<SYSTEM32>\find.exe' /i "ProductName"
- '<SYSTEM32>\mode.com' con cols=80 lines=25
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\nt6v2.cmd" "
- '<SYSTEM32>\find.exe' /i "mini"
- '<SYSTEM32>\find.exe' "5."
- '<SYSTEM32>\find.exe' "6."
- %TEMP%\zchzr
- %TEMP%\attrib5.exe
- %TEMP%\sc.exe
- %TEMP%\PBR6.NT
- %TEMP%\reg5.exe
- %TEMP%\bschk.exe
- %TEMP%\nt6hdd.tmp
- %TEMP%\bs.exe
- %TEMP%\bcd
- %TEMP%\be.exe
- %TEMP%\chcp5.com
- %TEMP%\ConsExt.exe
- %TEMP%\bsf3.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\PBR6.F16
- %TEMP%\PBR6.F32
- %TEMP%\nt6v2.cmd
- %TEMP%\find5.exe
- %TEMP%\mv.exe
- %TEMP%\$inst\temp_0.tmp
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'