Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Backup] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
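- скрытых файлов (пункт неполный: начало фразы в тексте отсутствует; вероятно, речь об отображении скрытых файлов в системе)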
- %WINDIR%\cache\newver.exe
- %WINDIR%\cache\newver.exe /I
- %WINDIR%\cache\newver.exe /U
- <SYSTEM32>\net1.exe start backup
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\cache\run.bat" "
- <SYSTEM32>\wscript.exe "%WINDIR%\cache\fox.vbs"
- %WINDIR%\cache\FtpBackup-2012-10-23.log
- %WINDIR%\cache\newver.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_23ef5514-3059-436f-a4a7-4cefaab20eb1
- C:\RECYCLER\c.doc
- %WINDIR%\cache\lion.vbs
- %WINDIR%\cache\FtpBackup.config
- %WINDIR%\cache\fox.vbs
- %WINDIR%\cache\run.bat
- 'bl###reams.com':21 (порт 21 — стандартный порт FTP; часть имени домена скрыта символами ### в самом отчёте)
- DNS ASK bl###reams.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''