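Техническая информация

Примечание: подзаголовки разделов в этом списке отсутствуют. По содержанию строки делятся на значения реестра (записи вида [<HKLM>…]), командные строки запускаемых процессов, пути к файлам, сетевой адрес с DNS-запросом и имена классов окон.

Для разбора и обнаружения:
- 'Start' = '00000002' у службы Taskmngr соответствует автоматическому запуску службы при загрузке системы.
- 'EnableFirewall' = '00000000' и команда netsh.exe firewall set opmode disable отключают брандмауэр Windows. 'DoNotAllowExceptions' = '00000000' разрешает исключения брандмауэра.
- attrib.exe %WINDIR% +s +h присваивает каталогу Windows атрибуты «системный» и «скрытый».
- Порт 21 обычно используется протоколом FTP. Имя узла, по-видимому, частично замаскировано символами ###, поэтому в таком виде оно не годится для точного сопоставления.
- Имя jusched.exe совпадает с именем легитимного планировщика обновлений Java, но здесь файл расположен в C:\MSOCache. Проверять следует путь и подпись файла, а не только его имя.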
- [<HKLM>\SYSTEM\ControlSet001\Services\Taskmngr] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- C:\MSOCache\jusched.exe
- C:\MSOCache\jusched.exe /I
- <SYSTEM32>\net1.exe start Taskmngr
- <SYSTEM32>\attrib.exe %WINDIR% +s +h
- <SYSTEM32>\netsh.exe firewall set opmode disable
- <SYSTEM32>\wscript.exe "C:\MSOCache\test.vbs"
- <SYSTEM32>\cmd.exe /c ""C:\MSOCache\start.bat" "
- C:\MSOCache\start.bat
- C:\MSOCache\FtpBackup-2012-10-11.log
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_23ef5514-3059-436f-a4a7-4cefaab20eb1
- C:\MSOCache\FtpBackup.config
- C:\MSOCache\jusched.exe
- C:\MSOCache\test.vbs
- 'de###martin.net':21
- DNS ASK de###martin.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''