Техническая информация
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- <Полный путь к вирусу>
- %TEMP%\lmj2.tmp
- %TEMP%\kim1.tmp
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
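- 'zg##st.net':80 (символы ##, по-видимому, заменяют скрытую часть доменного имени; индикатор неполный и не подходит для точного сопоставления)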
- zg##st.net/2x8Ras9qEWrYOh8i2OyMIgmLOvCvTCOPr5dMjjtKTCOPSkyOO5dMI4-vtUyOO0JMI4-vTI47JkwjjyZMjjuvr0yOO6-vTCOPr5dMjjuvr0wjj6-vTI47r45MI4-vr0yOO69MI4-vr6eKHwkfiopqA_ARCexCbwrPih9q2_KKiyIiHx4FCrUKtbVvCrULr69KCwkJSv0fC_21I6cJiwMf2CJq2x_wZoweIgOMas8yHxG08qcJimrbHx6MilXYi8_wI5en7GqKiosfitjs28_YtIqL8CJq2x9Mjkojj0yOSo4ITI5KjghmjB4iA4xqzzIfEbTyp8_wHosiz9unHoyKVdjbjM8f8I6n7GqKiosfitiLz_Ajb5enH34f2IvP8K9Kl6fbjM8f8Jen/installer/
- DNS ASK zg##st.net (DNS-запрос на разрешение этого имени)
- ClassName: 'Shell_TrayWnd' WindowName: ''