Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Hackaolisse3' = '%WINDIR%\svchosts2.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Hackaolisse2' = '%WINDIR%\hosts.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Hackaolisse1' = '%WINDIR%\svchosts.exe'
- <SYSTEM32>\netsh.exe firewall add portopening protocol=TCP port=5900 Name=Emule4 mode=ENABLE scope=All
- <SYSTEM32>\netsh.exe firewall add portopening protocol=TCP port=5900 Name=Emule5 mode=ENABLE scope=All
- <SYSTEM32>\netsh.exe firewall add portopening protocol=TCP port=5800 Name=Emule3 mode=ENABLE scope=All
- <SYSTEM32>\netsh.exe firewall add portopening protocol=TCP port=80 Name=Emule1 mode=ENABLE scope=All
- <SYSTEM32>\netsh.exe firewall add portopening protocol=TCP port=81 Name=Emule2 mode=ENABLE scope=All
- 'ha####s2.no-ip.biz':81
- 'ha####s2.no-ip.biz':80
- DNS ASK ha####s2.no-ip.biz
- '<IP-адрес в локальной сети>':1038
- ClassName: 'Shell_TrayWnd' WindowName: ''