Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\NetApi00] 'ImagePath' = 'C:\NetApi00.sys'
- '<Full path to the virus>.log'
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\com\smss.exe /e /t /g %USERNAME%:F
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\com\smss.exe /e /t /g Everyone:F
- '<SYSTEM32>\cmd.exe' /c echo ok
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\com /e /t /g %USERNAME%:F
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\com /e /t /g Everyone:F
- AVPCC.EXE
- AVPM.EXE
- GUARD.EXE
- AVP.COM
- AVP.EXE
- AVP32.EXE
- <Full path to the virus>.log
- <SYSTEM32>\Com\smss.exe
- C:\NetApi00.sys
- <SYSTEM32>\Com\smss.exe
- C:\NetApi00.sys
- C:\NetApi00.sys
- C:\NetApi00.sys
- ClassName: '' WindowName: '@@Йэј¶'
- ClassName: '' WindowName: '????'
- ClassName: '' WindowName: 'ЙЁГи'
- ClassName: '' WindowName: '@@????'
- ClassName: 'XOR' WindowName: 'MSCTFIME SMSS'
- ClassName: '' WindowName: 'SREng ????'
- ClassName: '' WindowName: 'SREng ЅйЙЬ'