Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '37f3731a3' = 'wscript "<SYSTEM32>\37f3731a3.f55" //b //e:vbscript'
- [<HKLM>\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\ipconfig.exe
- <SYSTEM32>\net1.exe stop mpssvc
- <SYSTEM32>\net.exe stop mpssvc
- <SYSTEM32>\net.exe stop sharedaccess
- <Текущая директория>\redirect.non
- <SYSTEM32>\37f3731a3.f55
- <Текущая директория>\location.non
- <Текущая директория>\gate.temp.dat
- <Текущая директория>\local.temp.dat
- <Текущая директория>\location.non
- <Текущая директория>\redirect.non
- <Текущая директория>\gate.temp.dat
- <Текущая директория>\local.temp.dat
- 'ip###cation.com':80
- 'fm###rk.t35.com':80
- 'fm####k.110mb.com':80
- 'www.fo##yip.com':80
- 'www.wh###smyip.com':80
- 'www.wh###myip.org':80
- ip###cation.com (http://ip2location.com/)
- www.fo##yip.com (http://www.formyip.com/)
- DNS ASK ip###cation.com
- DNS ASK fm###rk.t35.com
- DNS ASK fm####k.110mb.com
- DNS ASK www.fo##yip.com
- DNS ASK www.wh###smyip.com
- DNS ASK www.wh###myip.org