Техническая информация
- [<HKLM>\SOFTWARE\Classes\ScanFill.Document\shell\open\command] '' = '<Полный путь к вирусу> "%1"'
- <SYSTEM32>\svchost.exe -k imgsvc
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- %TEMP%\TWAIN.LOG
- %TEMP%\Twunk001.MTX
- \Device\LanmanRedirector\*\mailslot\CE4D3E6A\query
- %TEMP%\Twain001.Mtx
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Twain Twunk_16' WindowName: 'Twain Twunk_16'
- ClassName: '' WindowName: 'IDA View-EIP'