Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nah_Shell' = '%HOMEPATH%\nah_etcn.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\explorer.exe' = '%WINDIR%\explorer.exe:*:Enabled:Windows Explorer'
- <SYSTEM32>\dwwin.exe
- <SYSTEM32>\cscript.exe
- %HOMEPATH%\nah_etcn.exe
- '17#.#6.3.200':80
- 17#.#6.3.200/system/prinimalka.py/command?us###############################################
- 17#.#6.3.200/system/prinimalka.py/options?us################################################################################
- 17#.#6.3.200/system/prinimalka.py/forms
- ClassName: 'Indicator' WindowName: ''