Техническая информация
- %WINDIR%\system\tmp.exe
- %PROGRAM_FILES%\Haomake\smss.exe
- %PROGRAM_FILES%\Haomake\update.exe
- %PROGRAM_FILES%\Haomake\link.exe
- <SYSTEM32>\regsvr32.exe /s "%CommonProgramFiles%\PushWare\cpush.dll"
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\Haomake\VClass.dll"
- %WINDIR%\Explorer.EXE
- %PROGRAM_FILES%\Haomake\smss.exe
- %TEMP%\nss2.tmp
- %PROGRAM_FILES%\Haomake\link.exe
- %WINDIR%\system\tmp.exe
- %PROGRAM_FILES%\WinPOP\WinPOP5.0_Log.txt
- %PROGRAM_FILES%\Haomake\Link.dat
- %PROGRAM_FILES%\WinPOP\Process.dat
- %CommonProgramFiles%\PushWare\Uninst.exe
- %CommonProgramFiles%\PushWare\cpush.dll
- %PROGRAM_FILES%\Haomake\update.ini
- <SYSTEM32>\isurl.exe
- %PROGRAM_FILES%\Haomake\update.exe
- %PROGRAM_FILES%\Haomake\install.dat
- %PROGRAM_FILES%\Haomake\res.dat
- %PROGRAM_FILES%\Haomake\VClass.dll
- %PROGRAM_FILES%\Haomake\WinPOP.dll
- %PROGRAM_FILES%\Haomake\pushsum.dll
- %PROGRAM_FILES%\Haomake\HookIE.dll
- %PROGRAM_FILES%\Haomake\IEsafe.dll
- %WINDIR%\system\tmp.exe
- 'ad.#o118.cn':80
- 'po#.#o118.cn':80
- 'www.so##8.cn':80
- po#.#o118.cn/update/Process.txt
- ad.#o118.cn/push.php?ve###
- www.so##8.cn/update/ico/
- www.so##8.cn/update/update.txt
- www.so##8.cn/update/link.txt
- DNS ASK po#.#o118.cn
- DNS ASK ad.#o118.cn
- DNS ASK www.so##8.cn