Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'wininet' = '<File name>.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'EXPLORER.EXE %WINDIR%\RUNDLL.BAT'
- %WINDIR%\nvcvc32.exe
- %WINDIR%\rundll.bat
- ClassName: '' WindowName: 'Диспетчер задач Windows'
- ClassName: '' WindowName: 'Запуск программы'
- ClassName: '' WindowName: 'Мой компьютер'
- '%WINDIR%\syswow64\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "EXPLORER.EXE %WINDIR%\RUNDLL.BAT" /f (with hidden window)
- '%WINDIR%\syswow64\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "EXPLORER.EXE %WINDIR%\RUNDLL.BAT" /f