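Техническая информация
Ниже перечислены зафиксированные при анализе образца артефакты: изменения в реестре, запускаемые команды, пути к файлам и параметры окон (класс и заголовок). Подзаголовки разделов в этом списке отсутствуют, поэтому группы идут подряд.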
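- [<HKLM>\SYSTEM\ControlSet001\Services\NPF] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\DbProtectSupport] 'Start' = '00000002'
  (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы; обе службы регистрируются командами sc.exe ниже с параметром start= auto, то есть эти ключи служат признаком закрепления в системе)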
- '<SYSTEM32>\sc.exe' create NPF binPath= "%PROGRAM_FILES%\DbProtectSupport\npf.sys" type= kernel start= auto
- '<SYSTEM32>\sc.exe' create DbProtectSupport binpath= "%PROGRAM_FILES%\DbProtectSupport\svchost.exe" type= own start= auto
- '<SYSTEM32>\sc.exe' start DbProtectSupport
- '<SYSTEM32>\sc.exe' start NPF
- '<SYSTEM32>\sc.exe' delete NPF
- '<SYSTEM32>\sc.exe' stop DbProtectSupport
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\anzhuang.bat" "
- '<SYSTEM32>\sc.exe' stop NPF
- '<SYSTEM32>\sc.exe' delete DbProtectSupport
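- %PROGRAM_FILES%\DbProtectSupport\svchost.exe
- %PROGRAM_FILES%\DbProtectSupport\npf.sys
- %PROGRAM_FILES%\DbProtectSupport\Packet.dll
  (штатный svchost.exe находится в системном каталоге Windows, поэтому одноимённый файл в %PROGRAM_FILES% — повод для проверки; имена npf.sys и Packet.dll совпадают с именами компонентов WinPcap — драйвера и библиотеки захвата сетевых пакетов, но принадлежность файлов к WinPcap по этому списку не подтверждается)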
- <Текущая директория>\anzhuang.bat
- <Текущая директория>\npf.sys
- <Текущая директория>\Packet.dll
- <Текущая директория>\svchost.exe
- <Текущая директория>\Packet.dll
- <Текущая директория>\npf.sys
- <Текущая директория>\svchost.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''