Техническая информация
- '<SYSTEM32>\rundll32.exe' USER32.dll,LockWorkStation
- '<SYSTEM32>\logonui.exe' /status
- '<SYSTEM32>\net1.exe' user %USERNAME% "7997"
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\oobe\info\backgrounds\block.bat" "
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v OEMBackground /t reg_dword /d 1 /f
- <SYSTEM32>\oobe\info\backgrounds\block.bat
- <SYSTEM32>\oobe\info\backgrounds\backgroundDefault.jpg
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- ClassName: '' WindowName: 'GINA Logon'
- ClassName: 'StatusWindowClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''