Техническая информация
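- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '' (судя по записи, параметру Shell присваивается пустое значение; штатное значение в Windows — explorer.exe, поэтому при проверке системы этот параметр следует сверить и при необходимости восстановить)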
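- Компонент восстановления системы (SR) (заголовок раздела в этой копии не сохранился; по-видимому, речь идёт о блокировке или отключении восстановления системы — стоит проверить, что оно включено и точки восстановления на месте)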
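- %WINDIR%\regedit.exe /s /e "<SYSTEM32>\tmp" "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal"
- <SYSTEM32>\tasklist.exe
- %WINDIR%\regedit.exe /s "<SYSTEM32>\tmp"
- <SYSTEM32>\rundll32.exe user32.dll,UpdatePerUserSystemParameters
- %WINDIR%\regedit.exe /s /e "<SYSTEM32>\tmp" "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\NetWork"
(Пояснение к командам: ключ /e экспортирует указанную ветку реестра в файл, ключ /s подавляет диалоговые окна, а вызов regedit.exe /s с именем файла без /e импортирует этот файл в реестр. Порядок строк в списке не обязательно совпадает с порядком запуска. Затронуты ветки SafeBoot\Minimal и SafeBoot\NetWork, от которых зависит загрузка в безопасном режиме, поэтому их содержимое следует сверить с эталонной системой.)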
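- C:\tlist
- <SYSTEM32>\tmp
- C:\tlist
- <SYSTEM32>\tmp
(Пара записей повторяется дважды; заголовки разделов в этой копии не сохранились, но, вероятно, первый список — созданные файлы, второй — удалённые. Файл <SYSTEM32>\tmp — тот же, что указан в командах regedit.exe выше. Если файлы действительно удаляются после использования, на диске их может не оказаться, и следы стоит искать в журналах создания процессов и файлов.)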
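- 'sm##.gmail.com':465
- 'www.ms#.com':80
- DNS ASK sm##.gmail.com
- DNS ASK www.ms#.com
- '10.#.1.1':1033
(Пояснение: символ «#», по всей видимости, заменяет скрытые символы, поэтому имена узлов и адрес приведены не полностью и в таком виде не годятся для точного сопоставления. Порт 465 обычно используется для SMTP поверх TLS, порт 80 — для HTTP; «DNS ASK» обозначает DNS-запросы к этим именам. Адрес вида 10.x.1.1 относится к частному диапазону 10.0.0.0/8, то есть к локальной сети, а не к интернету. Исходящее соединение на порт 465 от процесса, не являющегося почтовым клиентом, — повод для проверки.)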
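- ClassName: 'RegEdit_RegEdit' WindowName: '' (RegEdit_RegEdit — класс главного окна редактора реестра regedit.exe; заголовок раздела в этой копии не сохранился, но, по-видимому, запись означает поиск окна с таким классом при любом заголовке окна)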