Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\WHDMIDE] 'Start' = '00000002'
- '%PROGRAM_FILES%\Microsoft.NET\Primary Interop Assemblies\LMS.dat' MZђ
- '%PROGRAM_FILES%\Microsoft.NET\Primary Interop Assemblies\LMS.dat' (downloaded from the Internet)
- '<SYSTEM32>\taskkill.exe' /f /im LMS.dat
- %PROGRAM_FILES%\Hardware Driver Management\id.txt
- %PROGRAM_FILES%\Microsoft.NET\Primary Interop Assemblies\LMS.dat
- from <Full path to virus> to %PROGRAM_FILES%\Hardware Driver Management\windriver.exe
- 'ic###azip.com':80
- 'pa###.#inecoins18.com':80
- pa###.#inecoins18.com/x86.dat
- ic###azip.com/
- pa###.#inecoins18.com/report?ha####################################################################################################################################################################################
- pa###.#inecoins18.com/install/start
- pa###.#inecoins18.com/install/106:0%20-%3e%20127:2%20-%3e%2065:0%20-%3e%2067:0%20-%3e%2080:0%20-%3e%2081:0%20-%3e%2082:0%20-%3e%2094:0%20-%3e%2095:0
- pa###.#inecoins18.com/argline_v2.txt
- DNS ASK ic###azip.com
- DNS ASK pa###.#inecoins18.com
- ClassName: '' WindowName: ''