Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%PROGRAM_FILES%\\UserDesktop\files\alternateshell.exe'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '00000000'
- '<SYSTEM32>\tasklist.exe' /fi "SessionName eq Console"
- %HOMEPATH%\processtokill.txt
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'