Техническая информация
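- Параметр реестра Winlogon (точка автозапуска при входе пользователя в систему; при проверке стоит убедиться, что после запятой в значении нет дополнительных путей): [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\UserInit.exe,'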
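- '<SYSTEM32>\cacls.exe' "<SYSTEM32>\GroupPolicy\User\Scripts\scripts.ini" /t /e /c /p everyone:r
- '<SYSTEM32>\gpupdate.exe' /force
- '<SYSTEM32>\cacls.exe' "<SYSTEM32>\GroupPolicy\User\Scripts\Logon\36OStart.exe" /t /e /c /p everyone:r
- '<SYSTEM32>\cacls.exe' "<SYSTEM32>\GroupPolicy\User\Scripts\scripts.ini" /t /e /c /p everyone:f
  (Пояснение: это командные строки запускаемых процессов. cacls с ключами /e /p изменяет ACL, заменяя права группы everyone: r — чтение, f — полный доступ; gpupdate /force повторно применяет все параметры групповой политики. Файл scripts.ini в каталоге GroupPolicy\User\Scripts задаёт сценарии входа и выхода пользователя, поэтому исполняемый файл в подкаталоге Logon, по-видимому, используется для автозапуска через групповую политику. В имени 36OStart.exe после «36» стоит буква «O», а не цифра «0», — вероятно, это маскировка под название «360».)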
- <SYSTEM32>\GroupPolicy\User\Scripts\scripts.ini
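- %WINDIR%\Tasks\SA.DAT в C:\360隔离\Tasks\SA.DAT_u6f (здесь «в» обозначает целевой путь; «隔离» в имени каталога по-китайски означает «изоляция, карантин»)
- %WINDIR%\Tasks\desktop.ini в C:\360隔离\Tasks\desktop.ini_u6f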