Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\ .lnk
- '%TEMP%\Chrome.exe'
- '<SYSTEM32>\proquota.exe'
- <SYSTEM32>\proquota.exe
- ClassName: 'OLLYDBG' WindowName: '(null)'
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\549b9b645cadfe6bb4bc69cf363c354c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Windows\9mW1b.cfg
- %APPDATA%\Microsoft\Windows\9mW1b.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\watch[1]
- %TEMP%\ico.ico
- %TEMP%\Chrome.exe
- %TEMP%\new.url
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\28d609cb-2e2a-49d5-ad40-42ac6c4e1ee9
- %APPDATA%\Microsoft\Windows\9mW1b.dat
- %APPDATA%\Microsoft\Windows\9mW1b.cfg
- 'go####y.zapto.org':4430
- 'ba###p.mooo.com':4430
- 'localhost':1041
- 'localhost':1038
- 'www.yo##ube.com':80
- www.yo##ube.com/watch?v=###########
- DNS ASK ba###p.mooo.com
- DNS ASK go####y.zapto.org
- DNS ASK www.yo##ube.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'WispWindowClass' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'