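Техническая информация

Примечание: подзаголовки разделов в этом списке не сохранились. Первые две записи — значения реестра, используемые для автозапуска: штатное значение 'shell' в ключе Winlogon — только 'Explorer.exe', а параметр 'run' в ключе Windows по умолчанию пуст или отсутствует, поэтому любое дополнительное содержимое в них стоит проверять. Остальные строки — пути к файлам; по самому списку нельзя определить, какие из них создаются, запускаются или удаляются (вероятно, из-за этого часть путей повторяется).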
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe %WINDIR%\system\spools.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = '%WINDIR%\system\spools.exe'
- '%WINDIR%\system\spools.exe'
- C:\abc\2013-04-17\2013-04-17 18_11_30.jpg
- C:\abc\2013-04-17\2013-04-17 18_11_56.jpg
- C:\abc\a.bmp
- %WINDIR%\system\spools.exe
- %TEMP%\~DF18A.tmp
- C:\abc\a.bmp