Техническая информация
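Командные строки процессов (cacls.exe с ключом /g everyone:f и icacls.exe с ключом /grant:r everyone:f выдают группе Everyone полный доступ к каталогу <DRIVERS>\etc и файлам hosts и hosts.ics):
- '%WINDIR%\write32.exe'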
- '<SYSTEM32>\cacls.exe' <DRIVERS>\etc\hosts /g everyone:f
- '<SYSTEM32>\cacls.exe' <DRIVERS>\etc\hosts.ics /g everyone:f
- '<SYSTEM32>\icacls.exe' /pid=0xb24 /log
- '<SYSTEM32>\cacls.exe' <DRIVERS>\etc /g everyone:f
- '<SYSTEM32>\icacls.exe' <DRIVERS>\etc /t /grant:r everyone:f
- '<SYSTEM32>\icacls.exe' <DRIVERS>\etc\hosts /t /grant:r everyone:f
- '<SYSTEM32>\icacls.exe' <DRIVERS>\etc\hosts.ics /t /grant:r everyone:f
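Классы и заголовки окон, среди которых окна средств анализа (Process Monitor, Registry Monitor, File Monitor, OllyDbg):
- ClassName: '' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'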
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: '' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass' WindowName: ''
- ClassName: '' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FilemonClass' WindowName: ''
- ClassName: 'pediy06' WindowName: ''
- %WINDIR%\~.Bat
- <Служебный элемент>
- <SYSTEM32>\shan.bat
- %WINDIR%\write32.exe
- <DRIVERS>\etc\hosts
- ClassName: '18467-41' WindowName: ''