Техническая информация
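Автозапуск (ярлык в папке автозагрузки Startup и служба gpsvs; значение 'Start' = 2 соответствует автоматическому запуску службы):
- %HOMEPATH%\Start Menu\Programs\Startup\Microsoft® Windows® Operating System.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\gpsvs] 'Start' = '00000002'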
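Командные строки процессов (lsass.exe здесь расположен в C:\MSOCache, а не в <SYSTEM32>, где находится одноимённый системный файл Windows; расхождение пути и имени — удобный признак для обнаружения):
- C:\MSOCache\lsass.exe -i
- <SYSTEM32>\net1.exe stop gpsvs
- <SYSTEM32>\net1.exe start gpsvs
- <SYSTEM32>\net.exe stop gpsvs
- <SYSTEM32>\wscript.exe "C:\MSOCache\test.vbs"
- <SYSTEM32>\cmd.exe /c ""C:\MSOCache\start1.bat" "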
Файлы (первый — в каталоге Crypto\RSA\S-1-5-18, где S-1-5-18 — SID учётной записи SYSTEM; остальные — в C:\MSOCache):
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_ffcb838e-6d3b-4e44-a259-8ac8f5c94c4f
- C:\MSOCache\lsass.lnk
- C:\MSOCache\DirX.log
- C:\MSOCache\enc_config.ini
- C:\MSOCache\lsass.exe
- C:\MSOCache\config.ini
- C:\MSOCache\start1.bat
- C:\MSOCache\test.vbs
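Сетевая активность (порт 21 — стандартный порт FTP; символы # в имени узла, по-видимому, скрыты в исходном отчёте; вторая строка — DNS-запрос того же имени):
- 'ft#.###istration.net':21
- DNS ASK ft#.###istration.net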
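Окна (имя класса и заголовок окна; Shell_TrayWnd — класс панели задач Windows, заголовки в обеих записях пустые):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''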