Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,"%TEMP%\explorer.exe",'
- %TEMP%\explorer.exe
- <SYSTEM32>\extrac32.exe "%TEMP%\~dftemp.tmp" "%TEMP%\explorer.exe"
- %TEMP%\explorer.exe
- %TEMP%\~dftemp.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''