Техническая информация
- [HKLM\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
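- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off (отключает брандмауэр Windows во всех профилях; соответствует значениям 'EnableFirewall' = '00000000' выше)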
- '%WINDIR%\syswow64\taskkill.exe' /F /IM httpd.exe
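- '%WINDIR%\syswow64\taskkill.exe' /F /IM ngnix.exe (имя процесса указано как «ngnix.exe» — так в образце; в запросах tasklist ниже используется «nginx.exe», поэтому при поиске по журналам следует учитывать оба написания)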
- 'cl.##p-cgi.com':80
- http://cl.##p-cgi.com/
- DNS ASK cl.##p-cgi.com
- 'localhost':49998
- 'localhost':50128
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\tasklist.exe' (со скрытым окном)
- '%WINDIR%\syswow64\tasklist.exe' /FI "IMAGENAME eq httpd.exe"
- '%WINDIR%\syswow64\tasklist.exe' /FI "IMAGENAME eq nginx.exe"
- '%WINDIR%\syswow64\tasklist.exe' /FI "IMAGENAME eq w3wp.exe"
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off (со скрытым окном)
- '%WINDIR%\syswow64\taskkill.exe' /F /IM ngnix.exe (со скрытым окном)