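Техническая информация
Подзаголовки разделов в этой копии не сохранились: ниже идут подряд изменённые параметры реестра, пути к файлам в %TEMP% (повторяющиеся пары, вероятно, относятся к разным разделам — например, созданные и удалённые файлы) и запущенные командные строки.
Значение 'Start' = '00000000' соответствует запуску службы на этапе загрузки системы (ср. `type= kernel start= boot` в командах sc.exe ниже), то есть fltsrv и snapman, а судя по записям реестра и volume_tracker, регистрируются как драйверы с загрузкой при старте.
Имена fltsrv.sys, snapman.sys и volume_tracker.sys совпадают с именами драйверов легитимного ПО резервного копирования (по-видимому, Acronis), поэтому при поиске по этим индикаторам следует проверять цифровую подпись и хеш файла, а также родительский процесс команды sc.exe, а не только имя службы.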
- [<HKLM>\SYSTEM\ControlSet001\Services\fltsrv] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\volume_tracker] 'ImagePath' = 'System32\DRIVERS\volume_tracker.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\volume_tracker] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\snapman] 'ImagePath' = 'System32\DRIVERS\snapman.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\snapman] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\fltsrv] 'ImagePath' = 'System32\DRIVERS\fltsrv.sys'
- %TEMP%\2868calkrtk
- %TEMP%\aut1.tmp
- %TEMP%\2868calkrtk
- %TEMP%\aut1.tmp
- '<SYSTEM32>\sc.exe' start snapman
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\SC.exe create fltsrv type= kernel start= boot binpath= SYSTEM32\DRIVERS\fltsrv.sys DisplayName= fltsrv
- '<SYSTEM32>\sc.exe' create fltsrv type= kernel start= boot binpath= SYSTEM32\DRIVERS\fltsrv.sys DisplayName= fltsrv
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\SC.exe create snapman type= kernel start= boot binpath= SYSTEM32\DRIVERS\snapman.sys DisplayName= snapman
- '<SYSTEM32>\sc.exe' create snapman type= kernel start= boot binpath= SYSTEM32\DRIVERS\snapman.sys DisplayName= snapman
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\SC.exe start snapman