Техническая информация (значение реестра, командные строки, пути к файлам, классы и заголовки окон)
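- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe' (совпадает со стандартным значением Windows, поэтому само по себе это значение не является признаком заражения)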
- %WINDIR%\regedit.exe /s "<LS_APPDATA>\com.rad"
- <SYSTEM32>\xcopy.exe ""<LS_APPDATA>\taskmgr"" "%WINDIR%" /R /Y
- <SYSTEM32>\taskkill.exe /f /im:taskmgr.exe
- <LS_APPDATA>\com.rad
- %WINDIR%\taskmgr
- %TEMP%\~1.bat
- <LS_APPDATA>\taskmgr
- %TEMP%\~1.bat
- %TEMP%\~1.bat
- <LS_APPDATA>\taskmgr
- <LS_APPDATA>\com.rad
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: ''