Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe "<SYSTEM32>\expl0rer.exe"'
- '%TEMP%\rar3.EXE'
- '%TEMP%\tmp32.EXE'
- <SYSTEM32>\expl0rer.exe
- %TEMP%\rar3.EXE
- %TEMP%\tmp32.EXE
- %TEMP%\rar3.EXE
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Jammer'