Техническая информация
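- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'rundll32' = '%TEMP%\rundll32 .exe' (ключ автозапуска; в записи имя файла содержит пробел перед «.exe» и лишь похоже на системный rundll32.exe, а путь ведёт в %TEMP%)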
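- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{7M8A6G00-3I18-11C0-821H-444200140P0S}] 'StubPath' = '<SYSTEM32>\OLE32Init.exe' (команда StubPath из Active Setup выполняется при входе пользователя в систему; идентификатор компонента содержит не шестнадцатеричные символы, то есть не является корректным GUID)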
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: '' (класс окна утилиты Process Monitor из набора Sysinternals)
- %TEMP%\rundll32 .exe
- %TEMP%\winamp\svhost.exe (имя похоже на системное svchost.exe, но отличается написанием)
- %TEMP%\%tmp%.exe
- %WINDIR%\syswow64\ole32init.exe
- %WINDIR%\regsvr32.exe (штатный regsvr32.exe расположен в системных каталогах System32 и SysWOW64, а не в корне %WINDIR%)
- %TEMP%\rundll32 .exe
- %TEMP%\winamp\svhost.exe
- %WINDIR%\syswow64\ole32init.exe
- ClassName: 'ToolTip16_' WindowName: ''
- ClassName: 'ToolTip32_' WindowName: ''
- ClassName: 'Magic_PS' WindowName: ''
- ClassName: 'System32_' WindowName: ''
- ClassName: 'tooltips_class16_' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- '%TEMP%\%tmp%.exe'