Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UIHost' = '%WINDIR%\LOGONUI\LOGONUI.EXE'
- %WINDIR%\regedit.exe /S lgqy.REG
- <SYSTEM32>\cmd.exe /c %WINDIR%\LOGONUI\lgqy.CMD
- %WINDIR%\LOGONUI\lgqy.CMD
- %WINDIR%\LOGONUI\lgqy.reg
- %WINDIR%\LOGONUI\LOGONUI.EXE
- %TEMP%\nsh2.tmp
- %TEMP%\nsi3.tmp\Banner.dll
- %WINDIR%\LOGONUI\lgqy.CMD
- %WINDIR%\LOGONUI\lgqy.reg
- %TEMP%\nsi3.tmp\Banner.dll
- ClassName: 'RegEdit_RegEdit' WindowName: ''