Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SEAPWBHIDEPRO] 'Start' = '00000002' (значение 2 — автоматический запуск при старте системы)
- '%WINDIR%\GF\gmdeployer.exe'
- '%WINDIR%\GF\installProdrv.exe'
- '<SYSTEM32>\find.exe' /i "WinVNC4.exe"
- '<SYSTEM32>\find.exe' /i "Manager.exe"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\GF\Winxp.vbs"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\GF\GF.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\GF\GF.bat" "
- '<SYSTEM32>\tasklist.exe'
- Перехват функции NtQuerySystemInformation, драйвер-обработчик: sephidepro.sys
- %WINDIR%\GF\单个检测.bat
- %WINDIR%\GF\Winxp.vbs
- %WINDIR%\GF\Win71.vbs
- %WINDIR%\GF\单个检测.vbs
- %WINDIR%\GF\gfclientdeployer.log
- %WINDIR%\GF\多个检测.vbs
- %WINDIR%\GF\多个检测.bat
- %WINDIR%\GF\installProdrv.exe
- %WINDIR%\GF\gmdeployer.exe
- %WINDIR%\GF\gmdeployer.cfg
- %WINDIR%\GF\sephidepro.sys
- %WINDIR%\GF\Win7.vbs
- %WINDIR%\GF\GF.vbs
- %WINDIR%\GF\GF.bat
- '<IP-адрес в локальной сети>':8808
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''