Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\¹½Ç1] 'ImagePath' = '%WINDIR%\¹½Ç1.sys'
- [<HKLM>\System\CurrentControlSet\Services\qiongBe] 'ImagePath' = '%TEMP%\qiongBe'
- '¹½Ç1' %WINDIR%\¹½Ç1.sys
- 'qiongBe' %TEMP%\qiongBe
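- %WINDIR%\ГўВ№ВЅГ§1.sys (имя искажено при перекодировке; по-видимому, это тот же файл %WINDIR%\¹½Ç1.sys, записанный в нижнем регистре)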
- %TEMP%\qiongbe
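- %WINDIR%\ГўВ№ВЅГ§.sys (имя искажено при перекодировке; по-видимому, это файл %WINDIR%\¹½Ç.sys из команд cacls.exe ниже, записанный в нижнем регистре)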
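- %WINDIR%\ГўВ№ВЅГ§1.sys (имя искажено при перекодировке; по-видимому, это тот же файл %WINDIR%\¹½Ç1.sys, записанный в нижнем регистре)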
- %TEMP%\qiongbe
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe %WINDIR%\¹½Ç.sys /e /t /p everyone:N (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe %WINDIR%\¹½Ç.sys /e /t /p SYSTEM:N (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe %WINDIR%\¹½Ç.sys /e /t /p Administrator:N (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe %WINDIR%\¹½Ç.sys /e /t /p Administrators:N (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe %WINDIR%\¹½Ç.sys /e /t /p everyone:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe %WINDIR%\¹½Ç.sys /e /t /p SYSTEM:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe %WINDIR%\¹½Ç.sys /e /t /p Administrator:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe %WINDIR%\¹½Ç.sys /e /t /p Administrators:N
- '%WINDIR%\syswow64\cacls.exe' %WINDIR%\¹½Ç.sys /e /t /p everyone:N
- '%WINDIR%\syswow64\cacls.exe' %WINDIR%\¹½Ç.sys /e /t /p Administrator:N
- '%WINDIR%\syswow64\cacls.exe' %WINDIR%\¹½Ç.sys /e /t /p Administrators:N
- '%WINDIR%\syswow64\cacls.exe' %WINDIR%\¹½Ç.sys /e /t /p SYSTEM:N