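Техническая информация
Ниже перечислены индикаторы поведения образца: пути к файлам, сетевые адреса и запросы, классы окон. Символы «#» в доменных именах, по-видимому, маскируют часть имени и не входят в реальный адрес, поэтому для поиска по журналам DNS и прокси эти строки в таком виде не подходят.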
- '%TEMP%\HaoZipc19_2157.exe'
- '%TEMP%\HaoZipc19_2157.exe' (загружен из сети Интернет)
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://jm#.net.cn/
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\HaoZipc19_2157[1].exe
- %TEMP%\HaoZipc19_2157.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\jmp.net[1]
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\89c5a4f4-fe40-4f0e-8679-d482d5c4186c
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- 'localhost':1039
- 'jm#.net.cn':80
- 'localhost':1036
- 'my.##da123.com':80
- my.##da123.com/down13/kwmusic16_2157.exe
- jm#.net.cn/
- my.##da123.com/down19/HaoZipc19_2157.exe
- DNS ASK jm#.net.cn
- DNS ASK my.##da123.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'