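Техническая информация
Ниже перечислены наблюдаемые индикаторы: файлы заданий планировщика в %WINDIR%\Tasks, изменения реестра (служба EpsAgent с автоматическим запуском, ImagePath указывает на srvany.exe; брандмауэр Windows отключён в стандартном профиле) и запускаемые команды. Задания wincorusb, NCRusb и diebold1usb создаются через schtasks.exe с учётными данными, переданными прямо в командной строке (/ru, /rp), и запускают C:\EPS\usbsecure.exe при входе в систему (/sc ONLOGON).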
- %WINDIR%\Tasks\wincorusb.job
- %WINDIR%\Tasks\NCRusb.job
- %WINDIR%\Tasks\diebold1usb.job
- [<HKLM>\SYSTEM\ControlSet001\Services\EpsAgent] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\EpsAgent] 'ImagePath' = '<SYSTEM32>\srvany.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- '<SYSTEM32>\net.exe' stop SharedAccess
- <Текущая директория>\disableFw.cmd
- <Текущая директория>\createSchtasks.cmd
- '<SYSTEM32>\cmd.exe' /c unzip -o "<Текущая директория>\EPS_deploy.zip" -d C:\EPS\
- '<SYSTEM32>\cmd.exe' /c disableFw.cmd
- '<SYSTEM32>\cmd.exe' /c createSchtasks.cmd
- '<SYSTEM32>\schtasks.exe' /create /ru BRIATM08 /rp BRI16DES /tn "wincorusb" /tr "C:\EPS\usbsecure.exe" /sc ONLOGON
- '<SYSTEM32>\schtasks.exe' /create /ru abcdwxyz /rp admin1234ADMIN /tn "NCRusb" /tr "C:\EPS\usbsecure.exe" /sc ONLOGON
- '<SYSTEM32>\net1.exe' stop SharedAccess
- '<SYSTEM32>\schtasks.exe' /create /ru manage_atm /rp diebold /tn "diebold1usb" /tr "C:\EPS\usbsecure.exe" /sc ONLOGON