Technical information
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020070720200708\index.dat
- %TEMP%\6e97.tmp
- %TEMP%\6fa2.tmp
- %TEMP%\703f.tmp
- %WINDIR%\bsq.ini
- %TEMP%\6e97.tmp
- %TEMP%\6fa2.tmp
- %TEMP%\703f.tmp
- <DRIVERS>\etc\hosts
- <DRIVERS>\etc\services
- http://www.bs#.cc/cj/1.php
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://yx.##dfyl.com/cjbs.html
- http://yx.####feng999.com:6002/kss_api/io.php?a=######################################################################## via yx.###nfeng999.com
- http://yx.####feng999.com:6002/kss_api/io.php?a=####################################################################### via yx.###nfeng999.com
- DNS ASK bs#.cc
- DNS ASK 36#.##naupdate.com
- DNS ASK microsoft.com
- DNS ASK yx.##dfyl.com
- DNS ASK yx.###nfeng999.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p everyone:F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p everyone:F
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p everyone:F