Техническая информация
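- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'csrss.exe' = '<DRIVERS>\csrss.exe' — запись в ключе автозапуска Run. Имя csrss.exe совпадает с именем системного процесса Windows, но подлинный файл находится в <SYSTEM32>, а не в <DRIVERS>; такое расхождение пути — признак маскировки.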
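- <SYSTEM32>\ntsd.exe -c q -pn iexplore.exe — отладчик ntsd подключается к процессу iexplore.exe по имени (-pn) и сразу выполняет команду q, что приводит к завершению этого процесса.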
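- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot /f — принудительное (/f) удаление ветки SafeBoot; без неё загрузка Windows в безопасном режиме становится невозможной.
- %WINDIR%\regedit.exe -e <DRIVERS>\safe.reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot — экспорт той же ветки SafeBoot в файл <DRIVERS>\safe.reg.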
- iexplore.exe
- <DRIVERS>\safe.reg
- <DRIVERS>\csrss.exe
- ClassName: 'RegEdit_RegEdit' WindowName: ''