Technical information
- [<HKLM>\DEFUSER\Software\Policies\Microsoft\Windows\Control Panel\Desktop] 'SCRNSAVE.EXE' = 'scrnsave.scr'
- System Restore component (SR)
- <SYSTEM32>\reg.exe UNLOAD HKLM\DefUser
- <SYSTEM32>\reg.exe LOAD HKLM\DefUser "C:\Documents and Settings\Default User\NtUser.dat"
- <SYSTEM32>\powercfg.exe -H OFF
- [<HKLM>\DEFUSER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001'
- %TEMP%\~GLH0001.TMP
- %TEMP%\~GLH0000.TMP
- C:\Documents and Settings\Default User\NtUser.dat.LOG
- %TEMP%\~GLH0002.TMP
- %TEMP%\GLI6.tmp
- %TEMP%\GLG3.tmp
- %TEMP%\GLC1.tmp
- <Current directory>\visionapp.log
- %TEMP%\GLI4.tmp
- %TEMP%\GLI6.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\vWiseExt.dll
- %TEMP%\GLG3.tmp
- %TEMP%\GLI4.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''