Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Sahara] 'ImagePath' = 'system32\drivers\Sahara.sys'
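- [<HKLM>\SYSTEM\ControlSet001\Services\Sahara] 'Start' = '00000000' (Start = 0 — SERVICE_BOOT_START: драйвер загружается на самом раннем этапе загрузки системы; то же значение задано ниже для Sidney, Scarlet и Salvador)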
- [<HKLM>\SYSTEM\ControlSet001\Services\Sidney] 'ImagePath' = 'system32\drivers\Sidney.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\Sidney] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\Scarlet] 'ImagePath' = 'system32\drivers\Scarlet.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\Scarlet] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\Salvador] 'ImagePath' = 'system32\drivers\Salvador.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\Salvador] 'Start' = '00000000'
- '%TEMP%\{3CD057E7-B91A-4EF0-8F45-6928C831162E}\HomeDecryptionUtility.exe'
- <DRIVERS>\Sahara.sfn
- <DRIVERS>\Shandy.sfn
- <DRIVERS>\Sphinx.sfn
- <DRIVERS>\Sidney.sfn
- %TEMP%\{3CD057E7-B91A-4EF0-8F45-6928C831162E}\HomeDecryptionUtility.exe
- %TEMP%\{3CD057E7-B91A-4EF0-8F45-6928C831162E}\HomeDecryptionUtilityLOC.dll
- <DRIVERS>\Salvador.sfn
- <DRIVERS>\Scarlet.sfn
- <DRIVERS>\Sahara.sfn в <DRIVERS>\Sahara.sys
- <DRIVERS>\Sidney.sfn в <DRIVERS>\Sidney.sys
- <DRIVERS>\Salvador.sfn в <DRIVERS>\Salvador.sys
- <DRIVERS>\Scarlet.sfn в <DRIVERS>\Scarlet.sys
- <DRIVERS>\Sphinx.sfn в <DRIVERS>\Sphinx.sys
- ClassName: '' WindowName: 'Symantec Endpoint Encryption Device Control - Offline Access Utility'