Техническая информация
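- [<HKLM>\SYSTEM\ControlSet001\Services\SDSR] 'Start' = '00000002' (параметр службы SDSR; значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)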
- '<SYSTEM32>\129138\haozip.exe'
- '%PROGRAM_FILES%\Directs\setup.exe'
- '%TEMP%\is-JQUSQ.tmp\<Имя вируса>.tmp' /SL5="$40036,478119,52224,<Полный путь к вирусу>"
- '%PROGRAM_FILES%\Directs\HaoZipss.exe'
- '<SYSTEM32>\129138\haozip.exe' (загружен из сети Интернет)
- %PROGRAM_FILES%\Directs\is-SL8MV.tmp
- %PROGRAM_FILES%\Directs\is-FO1FQ.tmp
- %PROGRAM_FILES%\httpsfilteres\Intelliges.exe
- <SYSTEM32>\129138\haozip.exe
- %PROGRAM_FILES%\Directs\is-J8UQ7.tmp
- %TEMP%\is-9FTIF.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-JQUSQ.tmp\<Имя вируса>.tmp
- %PROGRAM_FILES%\Directs\is-RRBPI.tmp
- %TEMP%\is-9FTIF.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-JQUSQ.tmp\<Имя вируса>.tmp
- %TEMP%\is-9FTIF.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-9FTIF.tmp\_isetup\_RegDLL.tmp
Перемещение файлов (исходный путь в конечный):
- %PROGRAM_FILES%\Directs\is-FO1FQ.tmp в %PROGRAM_FILES%\Directs\UDP.dll
- %PROGRAM_FILES%\Directs\is-SL8MV.tmp в %PROGRAM_FILES%\Directs\setup.exe
- %PROGRAM_FILES%\Directs\is-RRBPI.tmp в %PROGRAM_FILES%\Directs\Icon_msi.ico
- %PROGRAM_FILES%\Directs\is-J8UQ7.tmp в %PROGRAM_FILES%\Directs\HaoZipss.exe
- 'do####ad.haozip.com':80
- do####ad.haozip.com/uniondown/haozip_silence.200228.exe
- DNS ASK do####ad.haozip.com
- ClassName: 'Shell_TrayWnd' WindowName: ''