Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'observer' = '<SYSTEM32>\observer.exe'
- '<SYSTEM32>\observer.exe'
- 'C:\juntuan.exe'
- <SYSTEM32>\psw.bpl
- <SYSTEM32>\observer.exe
- C:\juntuan.exe
- ClassName: '#32770' WindowName: ''
- ClassName: 'Static' WindowName: ''
- ClassName: 'ComboBox' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'JunTuanObserver' WindowName: ''