Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NtLmSsp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\lanmanserver] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\LmHosts] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\RpcLocator] 'Start' = '00000002'
- '<SYSTEM32>\net1.exe' start NtlmSsp
- '<SYSTEM32>\locator.exe'
- '<SYSTEM32>\net1.exe' start RpcLocator
- '<SYSTEM32>\net1.exe' stop SharedAccess
- '<SYSTEM32>\net.exe' stop SharedAccess
- '<SYSTEM32>\net1.exe' start lanmanserver
- '<SYSTEM32>\sc.exe' config NtlmSsp start= auto
- '<SYSTEM32>\sc.exe' config RpcLocator start= auto
- '<SYSTEM32>\sc.exe' config LmHosts start= auto
- '<SYSTEM32>\net1.exe' start LmHosts
- '<SYSTEM32>\sc.exe' config SharedAccess start= disabled
- '<SYSTEM32>\sc.exe' config lanmanserver start= auto
- Файловая операция (заголовок раздела в извлечённом тексте утрачен): из <Полный путь к вирусу> в fuck360
- Сетевой адрес и порт: '12#.##ewangzhe.net':5252
- DNS ASK 12#.##ewangzhe.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'