Техническая информация
Параметры реестра (значение 'Start' = 2 соответствует автоматическому запуску службы):
- [<HKLM>\SYSTEM\ControlSet001\Services\WinAudio] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\lanmanserver] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\RpcSs] 'Start' = '00000002'

Командные строки:
- <SYSTEM32>\sc.exe \\127.0.0.1 create "WinAudio" binpath= "cmd.exe /c "%PROGRAM_FILES%\%PROGR~1\Cest.bat"" start= auto type= interact type= own displayname= "Audio Driver"
- <SYSTEM32>\sc.exe start LanmanServer
- <SYSTEM32>\sc.exe \\127.0.0.1 description "WinAudio" "Audio Driver."
- <SYSTEM32>\sc.exe \\127.0.0.1 config "WinAudio" binpath= "cmd.exe /c "%PROGRAM_FILES%\%PROGR~1\Cest.bat"" start= auto type= interact type= own obj= localsystem password= ""
- <SYSTEM32>\sc.exe config LanmanServer start= auto
- <SYSTEM32>\sc.exe config RpcSs start= auto
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\%Program Files%\cest.bat""
- <SYSTEM32>\sc.exe start RpcSs
- <SYSTEM32>\rundll32.exe 725.vir main

Пути к файлам и именованным каналам:
- %PROGRAM_FILES%\%Program Files%\~
- %PROGRAM_FILES%\%Program Files%\725.vir
- \Device\LanmanRedirector\127.0.0.1\pipe\svcctl
- %PROGRAM_FILES%\%Program Files%\Cest.bat
- %PROGRAM_FILES%\%Program Files%\ntldr.SYS
- %PROGRAM_FILES%\%Program Files%\laass.exe
- %PROGRAM_FILES%\%Program Files%\363.VBS
- C:\ntldr.SYS

Сетевые адреса и DNS-запросы (часть имени узла скрыта в источнике символами «#»):
- 'localhost':445
- 'li####o.3322.org':2011
- DNS ASK li####o.3322.org

Окно (класс и заголовок):
- ClassName: 'Shell_TrayWnd' WindowName: ''