Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Task_Host' = '"%WINDIR%\WindowSP\TaskManager.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, "%WINDIR%\WindowSP\TaskManager.exe"'
- '%WINDIR%\WindowSP\TaskManager.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\install.vbs"
- '<SYSTEM32>\cmd.exe' /c "%WINDIR%\WindowSP\TaskManager.exe"
- TaskManager.exe
- %TEMP%\install.vbs
- %WINDIR%\WindowSP\TaskManager.exe
- %WINDIR%\WindowSP\TaskManager.exe
- %TEMP%\install.vbs