Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\WHDMIDE] 'Start' = '00000002'
- '%PROGRAM_FILES%\Google\Chrome\Application\Chrome.txt' MZђ
- '%PROGRAM_FILES%\Google\Chrome\Application\Chrome.txt' (downloaded from the Internet)
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\taskkill.exe' /f /im Chrome.txt
- '<SYSTEM32>\taskkill.exe' /f /im LMS.dat
- %PROGRAM_FILES%\Hardware Driver Management\id.txt
- %PROGRAM_FILES%\Hardware Driver Management\history.txt
- %PROGRAM_FILES%\Google\Chrome\Application\Chrome.txt
- from <Full path to the virus> to %PROGRAM_FILES%\Hardware Driver Management\windriver.exe
- 'ic###azip.com':80
- 'mi##.#xpanel.com':80
- mi##.#xpanel.com/86
- ic###azip.com/
- mi##.#xpanel.com/report?ha##############################################################################################################################################################################
- mi##.#xpanel.com/install/start
- mi##.#xpanel.com/install/106:0%20-%3e%20127:2%20-%3e%2065:0%20-%3e%2067:0%20-%3e%2080:0%20-%3e%2081:0%20-%3e%2082:0%20-%3e%2094:0%20-%3e%2095:0
- mi##.#xpanel.com/line.txt
- DNS ASK ic###azip.com
- DNS ASK mi##.#xpanel.com
- ClassName: '' WindowName: ''