Техническая информация
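- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%WINDIR%\system\svchost.scr' (параметр 'load' — точка автозапуска: указанный в нём файл запускается при входе пользователя в систему, то есть эта запись обеспечивает закрепление в системе; при проверке стоит убедиться, что параметр содержит только ожидаемые значения)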
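- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '' = '%WINDIR%\system\svchost.scr:*:Enabled:KL' (запись в списке AuthorizedApplications добавляет файл в исключения брандмауэра Windows для стандартного профиля: '*' — любые удалённые адреса, 'Enabled' — правило включено, 'KL' — отображаемое имя правила; имя параметра здесь показано пустым — возможно, оно потеряно при извлечении текста)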
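- '%WINDIR%\system\svchost.scr' /S (файл с расширением .scr — обычный исполняемый файл, а ключ /S соответствует штатному запуску экранной заставки; настоящий svchost.exe находится в <SYSTEM32>, поэтому файл с именем svchost в %WINDIR%\system — признак маскировки под системный процесс)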
- '<SYSTEM32>\reg.exe' add "hkcu\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v "load" /t reg_sz /d "%WINDIR%\system\svchost.scr" /f
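- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %WINDIR%\system\jpg.jpg (открывает %WINDIR%\system\jpg.jpg в штатном средстве просмотра изображений Windows; по-видимому, изображение служит приманкой, отвлекающей внимание от запуска svchost.scr)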
- %HOMEPATH%\Recent\jpg.lnk
- %HOMEPATH%\Recent\system.lnk
- %WINDIR%\system\jpg.jpg
- %WINDIR%\system\svchost.scr
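- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)' (судя по имени, это класс окна средства просмотра изображений из shimgvw.dll, которое запускается командой rundll32 выше)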
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'