Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%WINDIR%\ClockService.exe'
- '%WINDIR%\ProtectTool.exe'
- '%WINDIR%\ClockService.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\lsass.exe
- System
- <SYSTEM32>\winlogon.exe
- %TEMP%\0x12kds.jpg
- %TEMP%\aut5.tmp
- %TEMP%\zufoyyr
- %TEMP%\rayempq
- %TEMP%\aut6.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut2.tmp
- %TEMP%\bihrisc
- %TEMP%\aut1.tmp
- %WINDIR%\ClockService.exe
- %TEMP%\aut3.tmp
- %WINDIR%\ProtectTool.exe
- %TEMP%\aut5.tmp
- %TEMP%\zufoyyr
- %TEMP%\rayempq
- %TEMP%\aut6.tmp
- %TEMP%\aut4.tmp
- %TEMP%\bihrisc
- %TEMP%\aut1.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'