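Техническая информация
Примечание: заголовки подразделов в этом фрагменте не сохранились, поэтому роль каждой записи (запуск процесса, создание или удаление файла, сетевое обращение, поиск окна) по самому списку однозначно не определяется; повторяющиеся пути, по-видимому, относились к разным подразделам. Символы «#» в IP-адресе и доменном имени — судя по всему, маскировка, выполненная источником, поэтому эти значения не подходят для точного сопоставления в правилах обнаружения.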
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- <Полный путь к вирусу>
- <SYSTEM32>\hide.sys
- <SYSTEM32>\Past4EgaZ.sys
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\Past4EgaZ.sys
- <SYSTEM32>\hide.sys
- '12#.#25.114.144':80
- 12#.#25.114.144/lxbjcazicwagloe/item/f508f3cf429b986147d5c00b
- 12#.#25.114.144/sqresxyrqmbmsyd/item/d373243d27651cf71b96960c
- 12#.#25.114.144/sqresxyrqmbmsyd/item/ee43b39708e3d7bf5814618b
- DNS ASK hi.##idu.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'YyFangYu.exe'
- ClassName: '' WindowName: 'yybox.exe'