Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '\WINDOWS\system32\userinit.exe,\WINDOWS\system32\system32.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '<SYSTEM32>\regsvr32.exe' <SYSTEM32>\MSINET.OCX /s
- <SYSTEM32>\sys.html
- <SYSTEM32>\MSINET.OCX
- <SYSTEM32>\system32.exe
- <SYSTEM32>\system32.exe
- <SYSTEM32>\sys.html
- %WINDIR%\Media\Windows XP Balloon.wav
- 'localhost':1035