Техническая информация
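- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\UserInit.exe,' (параметр Userinit задаёт программы, которые Winlogon запускает при входе пользователя; приведённое значение соответствует стандартному для Windows, поэтому при проверке системы следует смотреть, нет ли после запятой дополнительных путей)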
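- <SYSTEM32>\cacls.exe "<SYSTEM32>\GroupPolicy\User\Scripts\scripts.ini" /t /e /c /p everyone:r (ключи cacls: /t — обработка вложенных каталогов, /e — правка существующего ACL вместо его замены, /c — продолжение при ошибках отказа в доступе, /p everyone:r — замена прав группы «Все» на «только чтение»)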
- <SYSTEM32>\gpupdate.exe /force
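- <SYSTEM32>\cacls.exe "<SYSTEM32>\GroupPolicy\User\Scripts\Logon\36OStart.exe" /t /e /c /p everyone:r (в имени файла 36OStart.exe третий символ — латинская буква «O», а не цифра «0»; это нужно учитывать при поиске по имени файла)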
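- <SYSTEM32>\cacls.exe "<SYSTEM32>\GroupPolicy\User\Scripts\scripts.ini" /t /e /c /p everyone:f (everyone:f — полный доступ для группы «Все»: файл scripts.ini, в котором перечисляются сценарии групповой политики, становится доступен для изменения любому пользователю)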
- <SYSTEM32>\GroupPolicy\User\Scripts\scripts.ini
- %WINDIR%\Tasks\SA.DAT в C:\360隔离\Tasks\SA.DAT_83N («隔离» в имени каталога — кит. «карантин», «изоляция»)
- %WINDIR%\Tasks\desktop.ini в C:\360隔离\Tasks\desktop.ini_83N