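Техническая информация

Заголовки групп в этой выдержке не сохранились, поэтому назначение строк ниже указано по их содержимому. Первая строка — запись реестра, задающая службе WinAudio автоматический запуск ('Start' = 2). Далее идут командные строки процессов (rundll32.exe, sc.exe, cmd.exe): через sc.exe служба WinAudio с отображаемым именем «Audio Driver» создаётся и настраивается на запуск Cest.bat через cmd.exe от имени LocalSystem. Затем перечислены пути файловых объектов, сетевые адреса с портами, DNS-запрос и поиск окна по имени класса. Символы «####» в имени хоста, по-видимому, являются маскировкой в самом отчёте, поэтому для точного сопоставления с журналами DNS или прокси нужно полное имя; для поиска по хосту надёжнее опираться на имя службы, её binpath и пути файлов.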
- [<HKLM>\SYSTEM\ControlSet001\Services\WinAudio] 'Start' = '00000002'
- <SYSTEM32>\rundll32.exe 808.vir main
- <SYSTEM32>\sc.exe \\127.0.0.1 config "WinAudio" binpath= "cmd.exe /c "%PROGRAM_FILES%\%PROGR~1\Cest.bat"" start= auto type= interact type= own obj= localsystem password= ""
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\%Program Files%\cest.bat""
- <SYSTEM32>\sc.exe \\127.0.0.1 create "WinAudio" binpath= "cmd.exe /c "%PROGRAM_FILES%\%PROGR~1\Cest.bat"" start= auto type= interact type= own displayname= "Audio Driver"
- %PROGRAM_FILES%\%Program Files%\~
- %PROGRAM_FILES%\%Program Files%\808.vir
- \Device\LanmanRedirector\127.0.0.1\pipe\svcctl
- %PROGRAM_FILES%\%Program Files%\Cest.bat
- %PROGRAM_FILES%\%Program Files%\ntldr.SYS
- %PROGRAM_FILES%\%Program Files%\laass.exe
- %PROGRAM_FILES%\%Program Files%\363.VBS
- C:\ntldr.SYS
- 'dg####an.3322.org':2011
- 'localhost':139
- 'localhost':445
- DNS ASK dg####an.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''