Техническая информация

Примечание аналитика (только по артефактам, перечисленным ниже): образец помещает в <SYSTEM32> файлы router.exe, router.xml и FiddlerCore.dll, регистрирует router.exe как службу с автозапуском (Start = 2) и добавляет его в список разрешённых приложений брандмауэра. Системные настройки прокси переключаются на 127.0.0.1:8080 для HTTP и HTTPS (ProxyEnable = 1), а ProxyOverride = '<-loopback>' отменяет исключение для loopback-адресов, поэтому трафик приложений, использующих системный прокси, проходит через локальный перехватывающий прокси. С помощью makecert.exe создаётся самоподписанный сертификат «CN=DO_NOT_TRUST_FiddlerRoot» (-cy authority) в личном хранилище профиля SYSTEM (-ss my; ключ и сертификат появляются в путях systemprofile и Crypto\RSA\S-1-5-18); запись в хранилище доверенных корневых сертификатов в данном отчёте не зафиксирована, поэтому способность незаметно подменять HTTPS-соединения следует подтверждать отдельно. Файлы router.xml и update.exe загружаются с www.se###hly.org через этот же локальный прокси, update.exe затем запускается из %WINDIR%\Temp; дополнительно запрашивается wpad.dat. В профиле Firefox создаётся prefs.js.back, что может указывать на изменение настроек браузера. Установщик Connectify 1.0.1 и задание «Connectify Update.job» присутствуют среди артефактов — предположительно образец распространяется вместе с легитимным ПО; это требует отдельного подтверждения.
- %WINDIR%\Tasks\Connectify Update.job
- [<HKLM>\SYSTEM\ControlSet001\Services\router.exe] 'ImagePath' = '<SYSTEM32>\router.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\router.exe] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\router.exe' = '<SYSTEM32>\router.exe:*:Enabled:Network Rout...
- '' (загружен из сети Интернет)
- firefox.exe
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyOverride' = '<-loopback>'
- [<HKLM>\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = 'http=127.0.0.1:8080;https=127.0.0.1:8080;'
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\$WinMgmt.CFG
- %WINDIR%\Installer\25eb6.ipi
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\INDEX.BTR
- %TEMP%\~DF1AC.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- %WINDIR%\Installer\MSIF.tmp
- %WINDIR%\Installer\MSI10.tmp
- %WINDIR%\Installer\MSI11.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- %WINDIR%\Installer\MSI1B.tmp
- %WINDIR%\Installer\MSI1C.tmp
- %WINDIR%\Installer\MSI1D.tmp
- <SYSTEM32>\makecert.exe
- C:\Config.Msi\25eb8.rbf
- %TEMP%\TBM1A.tmp
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Keys\D3061D65E9D5739C07CA49FC3DFE7B593BB81191
- <SYSTEM32>\router.xml
- %WINDIR%\Temp\update.exe
- %TEMP%\~DFC41E.tmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-18\7b90a71bfc56f2582e916a51aed6df9a_23ef5514-3059-436f-a4a7-4cefaab20eb1
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\A33E0A28A8D40D8166FC64D5B76A291DBCE99DE2
- <SYSTEM32>\FiddlerCore.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\OBJECTS.MAP
- %WINDIR%\Installer\MSI14.tmp
- %WINDIR%\Installer\MSI15.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\OBJECTS.DATA
- %WINDIR%\Installer\MSI12.tmp
- %WINDIR%\Installer\MSI13.tmp
- %WINDIR%\Installer\MSI18.tmp
- %APPDATA%\Connectify Setup\Connectify Setup 1.0.1\install\disk1.cab
- <SYSTEM32>\router.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %WINDIR%\Installer\MSI16.tmp
- C:\Config.Msi\25eb7.rbs
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- %WINDIR%\Installer\25eb2.ipi
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- %TEMP%\~DF821E.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- %WINDIR%\Installer\25eb0.msi
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI2.tmp
- %APPDATA%\Connectify\Connectify 1.0.1\install\decoder.dll
- %APPDATA%\Connectify\Connectify 1.0.1\install\FDF3E91\Connectify.msi
- %TEMP%\24d7a.msi
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- %WINDIR%\Installer\MSI3.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- %TEMP%\ConnectifyInstaller.exe
- %WINDIR%\Installer\MSIB.tmp
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js.back
- %APPDATA%\Connectify\Connectify 1.0.1\install\FDF3E91\settings.ini
- %APPDATA%\Connectify\Connectify 1.0.1\install\FDF3E91\TempFolder\ConnectifyInstaller.exe
- %APPDATA%\Connectify\settings.ini
- %TEMP%\3258a.msi
- %WINDIR%\Installer\25eb4.msi
- %WINDIR%\Installer\MSIE.tmp
- %WINDIR%\Installer\MSIC.tmp
- %TEMP%\~DFFAAB.tmp
- %APPDATA%\Connectify Setup\Connectify Setup 1.0.1\install\Connectify Setup.msi
- %WINDIR%\Installer\MSIA.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- %WINDIR%\Installer\MSI4.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- %WINDIR%\Installer\MSI7.tmp
- C:\Config.Msi\25eb3.rbs
- %WINDIR%\Installer\MSI9.tmp
- %WINDIR%\Installer\MSI5.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- %WINDIR%\Installer\MSI6.tmp
- C:\Config.Msi\25eb8.rbf
- %WINDIR%\Installer\MSI16.tmp
- %WINDIR%\Installer\MSI15.tmp
- %WINDIR%\Installer\MSI18.tmp
- %WINDIR%\Installer\MSI1C.tmp
- %WINDIR%\Installer\MSI1B.tmp
- %APPDATA%\Connectify\Connectify 1.0.1\install\FDF3E91\Connectify.msi
- %APPDATA%\Connectify\Connectify 1.0.1\install\decoder.dll
- %APPDATA%\Connectify\Connectify 1.0.1\install\FDF3E91\settings.ini
- %WINDIR%\Installer\MSI14.tmp
- %APPDATA%\Connectify\Connectify 1.0.1\install\FDF3E91\TempFolder\ConnectifyInstaller.exe
- %WINDIR%\Installer\25eb6.ipi
- %WINDIR%\Installer\25eb4.msi
- %TEMP%\3258a.msi
- %APPDATA%\Connectify Setup\Connectify Setup 1.0.1\install\disk1.cab
- %APPDATA%\Connectify Setup\Connectify Setup 1.0.1\install\Connectify Setup.msi
- %WINDIR%\Installer\MSI1D.tmp
- %WINDIR%\Installer\MSI12.tmp
- C:\Config.Msi\25eb8.rbf
- %WINDIR%\Installer\MSI13.tmp
- C:\Config.Msi\25eb7.rbs
- %WINDIR%\Installer\MSI9.tmp
- %WINDIR%\Installer\MSI7.tmp
- %WINDIR%\Installer\MSIA.tmp
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSIB.tmp
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI6.tmp
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSIE.tmp
- %TEMP%\24d7a.msi
- %WINDIR%\Installer\MSIF.tmp
- %WINDIR%\Installer\MSI11.tmp
- %WINDIR%\Installer\MSI10.tmp
- %WINDIR%\Installer\MSIC.tmp
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js.back
- C:\Config.Msi\25eb3.rbs
- %WINDIR%\Installer\25eb2.ipi
- %WINDIR%\Installer\25eb0.msi
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js.back
- 'www.se###hly.org':80
- 'wp#d':80
- 'localhost':8080
- http://www.se###hly.org/s/router.xml
- http://www.se###hly.org/s/update.exe
- http://11#.#11.111.1/wpad.dat via wp#d
- http://www.se###hly.org/s/router.xml via localhost
- http://www.se###hly.org/s/update.exe via localhost
- DNS ASK www.se###hly.org
- DNS ASK wp#d
- '<SYSTEM32>\makecert.exe' -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fi###er2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha1 -m 132 -b 12/04/2016
- '%WINDIR%\Temp\update.exe'
- '%TEMP%\ConnectifyInstaller.exe'
- '<SYSTEM32>\router.exe'
- '<SYSTEM32>\msiexec.exe' /i "%APPDATA%\Connectify Setup\Connectify Setup 1.0.1\install\Connectify Setup.msi" AI_SETUPEXEPATH=%TEMP%\ConnectifyInstaller.exe SETUPEXEDIR=%TEMP%\ EXE_CMD_LINE="/exenoupdates /exelang 0 /n...
- '<SYSTEM32>\msiexec.exe' -Embedding 5F2715A35447290524A4AF81C400944B
- '<SYSTEM32>\msiexec.exe' -Embedding AD20E90924B28EDBC0A5BAD971DE762D M Global\MSI0000
- '<SYSTEM32>\msiexec.exe' -Embedding A80EF451A01A0D1EB232CF9F173C87D0 M Global\MSI0000
- '<SYSTEM32>\msiexec.exe' /i "%APPDATA%\Connectify\Connectify 1.0.1\install\FDF3E91\Connectify.msi" AI_SETUPEXEPATH=<Полный путь к файлу> SETUPEXEDIR=<Текущая директория>\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprer...
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding 63F55C562481D4A5DCCE9953A4897D0E