Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WTool] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\WTool] 'ImagePath' = '%WINDIR%\Media\Desktop.ini:vmnet.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\heng_pro] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\heng_pro] 'ImagePath' = '%WINDIR%\Media\Desktop.ini:tabletoc.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\ASTTools] 'ImagePath' = '<DRIVERS>\SuperDeletor.sys'
- <SYSTEM32>\svchost.exe
- NtOpenProcess, драйвер-обработчик: tabletoc.sys
- %WINDIR%\Media\Desktop.ini:vmnet.sys (альтернативный поток данных NTFS файла Desktop.ini)
- %WINDIR%\Media\Desktop.ini:tabletoc.sys (альтернативный поток данных NTFS файла Desktop.ini)
- <DRIVERS>\SuperDeletor.sys
- <DRIVERS>\SuperDeletor.sys
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\svchost.exe' 3389