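Техническая информация
Ниже перечислены записи реестра, командные строки, файлы и класс окна. Значения 'AppInit_DLLs' и 'LoadAppInit_DLLs' = 1 задаются и в основной ветке, и в Wow6432Node (представление для 32-разрядных процессов): это механизм автозагрузки, при котором указанная DLL подгружается в каждый процесс, загружающий user32.dll. При проверке системы стоит сверять оба значения в обеих ветках; в Windows 8 и новее при включённой безопасной загрузке (Secure Boot) механизм AppInit_DLLs отключён.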
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\explorer.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v "LoadAppInit_DLLs" /t reg_dword /d 1 /f
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v "AppInit_DLLs" /t reg_sz /d "<SYSTEM32>\explorer.dll" /f
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v "AppInit_DLLs" /t reg_sz /d "<SYSTEM32>\explorer.dll" /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\explorer.bat" <SYSTEM32>\explorer.dll"
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v "LoadAppInit_DLLs" /t reg_dword /d 1 /f
- %TEMP%\explorer.bat
- <SYSTEM32>\explorer.dll
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)