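Техническая информация
Примечание: в этом фрагменте нет подзаголовков разделов, поэтому ниже подряд идут записи разных типов: параметры служб в реестре (значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы), строки с путём к файлу и аргументами запуска, пути к файлам и устройствам, сетевые адреса с портами. По самому списку нельзя определить, какое действие относится к каждой записи (создание, удаление, запуск, соединение). Символ «#» в IP-адресах, по-видимому, маскирует цифру в исходном отчёте; значения приведены как в оригинале.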
- [<HKLM>\SYSTEM\ControlSet001\Services\WinFaxExt] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\RpcAccessMgr] 'Start' = '00000002'
- '%WINDIR%\Temp\TMP1.nms'
- '%WINDIR%\Temp\TMP1.nms' -t 6 -r -a 16777343 -i
- '%WINDIR%\Temp\TMP1.nms' -t 6 -r -a 16777343
- \Device\LanmanRedirector\20.20.11.6*\MAILSLOT\NET\NETLOGON
- \Device\LanmanRedirector\20.20.1.14*\MAILSLOT\NET\NETLOGON
- <SYSTEM32>\LB12313.nms
- \Device\LanmanRedirector\20.20.1.24*\MAILSLOT\NET\NETLOGON
- \Device\LanmanRedirector\20.20.1.13*\MAILSLOT\NET\NETLOGON
- %WINDIR%\Temp\TMP1.nms
- <SYSTEM32>\wlandlg.nms
- \Device\LanmanRedirector\20.20.11.7*\MAILSLOT\NET\NETLOGON
- <SYSTEM32>\LB12312.nms
- %WINDIR%\Temp\i18n.nms
- <SYSTEM32>\LB12312.nms
- '20.#0.1.16':445
- '20.#0.1.11':139
- '20.#0.1.20':445
- '20.#0.1.17':445
- '20.#0.1.11':445
- '20.#0.11.9':139
- '20.#0.11.8':139
- '20.#0.1.10':445
- '20.#0.1.13':445
- '20.#0.1.25':139
- '20.#0.1.25':445
- '20.#0.1.20':139
- '20.#0.1.17':139
- '20.#0.1.24':139
- '20.#0.1.18':445
- '20.#0.1.21':445
- '20.#0.1.24':445
- '20.#0.1.18':139
- '20.#0.1.4':445
- '20.#0.1.3':445
- '11#.#17.190.218':8080
- '20.#0.1.4':139
- '20.#0.11.9':445
- '20.#0.11.6':445
- '11#.#17.190.218':443
- '20.#0.11.8':445
- '20.#0.11.7':445
- '20.#0.1.12':139
- '20.#0.1.12':445
- '20.#0.11.6':139
- '11#.#17.190.218':55664
- '20.#0.1.15':445
- '20.#0.9.21':443
- '20.#0.1.5':445
- '21#.#27.39.29':80
- '20.#0.1.14':445