Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\beZE78TR] 'ImagePath' = '<DRIVERS>\beZE78TR.sys'
- <SYSTEM32>\notepad.exe
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- <DRIVERS>\beZE78TR.sys
- <SYSTEM32>\Base.dll
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- <DRIVERS>\beZE78TR.sys
- ClassName: 'Notepad' WindowName: ''
- ClassName: 'Edit' WindowName: ''
- ClassName: 'CrossFire' WindowName: '????????'
- ClassName: 'CrossFire' WindowName: 'ґ©ФЅ»рПЯ'
- '<SYSTEM32>\notepad.exe'