Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Rising' = '<SYSTEM32>\Rising.exe' (запись автозапуска: параметр RunOnce отрабатывает однократно при следующем входе в систему)
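- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,dvdplar.exe,' (штатное значение параметра содержит только '<SYSTEM32>\userinit.exe,'; дописанный dvdplar.exe запускается при каждом входе пользователя. При лечении параметр следует вернуть к штатному значению, а не удалять)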
- %HOMEPATH%\Start Menu\Programs\Startup\Tools.exe (файл в папке автозагрузки пользователя)
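- '<SYSTEM32>\shutdown.exe' -r -f -t 1 (запускаемая команда: -r — перезагрузка, -f — принудительное закрытие приложений, -t 1 — задержка 1 секунда; после перезагрузки, по-видимому, срабатывают перечисленные записи автозапуска)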
- <SYSTEM32>\Rising.exe
- %WINDIR%\SysCheck.exe
- <SYSTEM32>\dvdplar.exe
- %TEMP%\~DFD9A8.tmp