Техническая информация
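- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{BECE44C0-9449-4b5b-A99E-0EE7DB726E77}] 'StubPath' = '%ALLUSERSPROFILE%\Documents\sanstart.cpl' (команду из StubPath раздела Active Setup Windows выполняет при входе пользователя в систему, поэтому запись служит для автозапуска sanstart.cpl)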
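- '%TEMP%\svchost.exe' (имя совпадает с системным процессом svchost.exe, однако штатный файл расположен в <SYSTEM32>, а не в %TEMP%)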
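- '<SYSTEM32>\rundll32.exe' Shell32.dll,Control_RunDLL "%ALLUSERSPROFILE%\Documents\sanstart.cpl" (файл .cpl — это DLL, загружаемая через Control_RunDLL; запуск .cpl из каталога документов для штатных апплетов панели управления нетипичен)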
- '<SYSTEM32>\control.exe' "%ALLUSERSPROFILE%\Documents\sanstart.cpl"
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %TEMP%\final.pdf
- %WINDIR%\Explorer.EXE
- %ALLUSERSPROFILE%\Documents\sanshell.bin
- %ALLUSERSPROFILE%\Documents\sanstart.cpl
- %ALLUSERSPROFILE%\Documents\sanmain.plg
- %TEMP%\svchost.exe
- %TEMP%\FINAL.pdf
- из %TEMP%\svchost.exe в %TEMP%\cxt1.tmp
- '61.##8.122.147':5001
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'