Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\sas] 'Name' = '"%TEMP%\sas1.tmp"'
- [<HKLM>\SYSTEM\ControlSet001\Services\sas] 'Start' = '00000001'
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Temp\sas2.tmp
- <SYSTEM32>\itsgod.sys
- %TEMP%\sas1.tmp