Technical information
- %WINDIR%\Explorer.EXE
- Handler library for all processes: %PROGRAM_FILES%\Internet Explorer\HMMACPI32.dll
- NtQueryDirectoryFile, handler driver: LaxEx.sys
- <Full path to the virus>
- C:\Boot.log
- <Current directory>\res.ini
- %TEMP%\ERROR7373.tmp
- <DRIVERS>\LaxEx.sys
- %PROGRAM_FILES%\Internet Explorer\HMMACPI32.dll
- %PROGRAM_FILES%\Internet Explorer\HMMCOM32.dll
- ClassName: 'SysListView32' WindowName: 'FolderView'
- ClassName: 'SHELLDLL_DefView' WindowName: ''
- ClassName: 'GGFrom' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: 'MainForm' WindowName: ''
- ClassName: '' WindowName: 'Program Manager'
- ClassName: 'ExploreWClass' WindowName: '????'
- ClassName: 'TForm1' WindowName: ''
- ClassName: 'WindowsForms10.Window.8.app.0.33c0d9d' WindowName: ''