Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Network service] 'Start' = '00000002'
- '<SYSTEM32>\lsserv.exe'
- '<SYSTEM32>\sc.exe' config "Network service" start= auto
- '<SYSTEM32>\sc.exe' create "Network service" binPath= "<SYSTEM32>\lsserv.exe" start= auto error= ignore
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-18\ab05238268f1cc375ebeab81151dd45f_23ef5514-3059-436f-a4a7-4cefaab20eb1
- <SYSTEM32>\lsserv.exe
- 'ma###atsa.net':443
- 'ma###atsa.com':443
- DNS ASK ma###atsa.net
- DNS ASK ma###atsa.com