Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\test] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\test] 'ImagePath' = '%WINDIR%\MyLover\MyLoverMain.exe'
- <DRIVERS>\beep.sys
- '<SYSTEM32>\net.exe' STOP Beep
- AVP.EXE
- 360tray.exe
- NtCreateProcessEx, драйвер-обработчик: Beep.SYS
- %WINDIR%\MyLover\MyLoverDll.dat
- %WINDIR%\MyLover\MyLoverSYS.dat
- <DRIVERS>\beep.sys.new
- <SYSTEM32>\dllcache\beep.sys.new
- %WINDIR%\MyLover\kaka.bat
- <SYSTEM32>\me.bat
- %WINDIR%\MyLover\kaka.bat в %WINDIR%\MyLover\MyLoverMain.exe
- ClassName: '' WindowName: 'Windows ????????' (знаки «?» — по-видимому, не литералы, а не-ASCII символы заголовка, утраченные при перекодировке)
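- ClassName: '' WindowName: 'Windows 文件保护' (в исходной записи — 'Windows ОДјю±Ј»¤': байты GBK, отображённые как CP1251; перевод: «Защита файлов Windows»)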
- '%WINDIR%\MyLover\MyLoverMain.exe'
- '<SYSTEM32>\net1.exe' STOP Beep
- '<SYSTEM32>\net.exe' START Beep
- '<SYSTEM32>\net1.exe' START Beep
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\me.bat