Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'userinit' = '%APPDATA%\ProcDiag.exe'
- Command Prompt (CMD)
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- User Account Control (UAC)
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoControlPanel' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- %APPDATA%\procdiag.exe
- '<SYSTEM32>\shutdown.exe' -r -t 0 (with hidden window)
- '<SYSTEM32>\shutdown.exe' -r -t 0