Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinAudio] 'Start' = '00000002'
- %PROGRAM_FILES%\%Program Files%\laass.exe 1020.URL main
- <SYSTEM32>\rundll32.exe 1020.URL main
- <SYSTEM32>\sc.exe \\10.0.1.2 config "WinAudio" binpath= "cmd.exe /c %PROGRAM_FILES%\%Program Files%\Cest.bat" start= auto type= interact type= own obj= localsystem password= ""
- <SYSTEM32>\cmd.exe /c "%PROGRAM_FILES%\%Program Files%\Dest.bat"
- <SYSTEM32>\sc.exe \\10.0.1.2 create "WinAudio" binpath= "cmd.exe /c %PROGRAM_FILES%\%Program Files%\Cest.bat" start= auto type= interact type= own displayname= "WinAudio"
- %PROGRAM_FILES%\%Program Files%\Dest.BAt
- %PROGRAM_FILES%\%Program Files%\1020.URL
- \Device\LanmanRedirector\10.0.1.2\pipe\svcctl
- %PROGRAM_FILES%\%Program Files%\Cest.bat
- %PROGRAM_FILES%\%Program Files%\laass.exe
- %PROGRAM_FILES%\%Program Files%\1018.URL
- %PROGRAM_FILES%\%Program Files%\~
- 'mi####l163.3322.org':565
- '<IP-адрес в локальной сети>':445
- DNS ASK mi####l163.3322.org
- '<IP-адрес в локальной сети>':1035