Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe <SYSTEM32>\EXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\Del.bat
- <SYSTEM32>\Del.bat
- <SYSTEM32>\.dll
- <SYSTEM32>\EXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- <SYSTEM32>\.dll
- <SYSTEM32>\EXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- ClassName: '20060506' WindowName: '20060506'