Техническая информация
- Автозапуск через ключ реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'JUpdate 1.1.0' = '%ALLUSERSPROFILE%\vvjowfl.exe'
- %ALLUSERSPROFILE%\vvjowfl.exe
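(Ниже — командные строки vbc.exe, компилятора Visual Basic из .NET Framework, и cvtres.exe; входные и выходные файлы лежат в %TEMP%. Так же выглядит и легитимная динамическая компиляция .NET, поэтому эти строки стоит оценивать вместе с остальными признаками, а не по отдельности.)
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe /noconfig @"%TEMP%\dtzj55oq.cmdline"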
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6.tmp" "%TEMP%\vbc5.tmp"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe /noconfig @"%TEMP%\quq1kiww.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3.tmp" "%TEMP%\vbc2.tmp"
- %TEMP%\dtzj55oq.out
- %TEMP%\dtzj55oq.cmdline
- %TEMP%\dtzj55oq.0.vb
- %TEMP%\vbc4.tmp
- %TEMP%\dtzj55oq.dll
- %TEMP%\RES6.tmp
- %TEMP%\vbc5.tmp
- %ALLUSERSPROFILE%\vvjowfl.exe
- %TEMP%\quq1kiww.out
- %TEMP%\quq1kiww.cmdline
- %TEMP%\quq1kiww.0.vb
- %TEMP%\vbc1.tmp
- %TEMP%\quq1kiww.dll
- %TEMP%\RES3.tmp
- %TEMP%\vbc2.tmp
- %ALLUSERSPROFILE%\vvjowfl.exe
- %TEMP%\dtzj55oq.0.vb
- %TEMP%\vbc5.tmp
- %TEMP%\RES6.tmp
- %TEMP%\dtzj55oq.dll
- %TEMP%\dtzj55oq.out
- %TEMP%\dtzj55oq.cmdline
- %TEMP%\quq1kiww.out
- %TEMP%\vbc2.tmp
- %TEMP%\RES3.tmp
- %TEMP%\quq1kiww.0.vb
- %TEMP%\quq1kiww.dll
- %TEMP%\quq1kiww.cmdline
- 'ap#.##pmania.com':80
- 'wp#d':80
- ap#.##pmania.com/
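- wp#d/wpad.dat (по-видимому, запрос автоматического обнаружения прокси WPAD; обычно его выполняет сама система, поэтому как индикатор компрометации он малоинформативен)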
- DNS-запрос (DNS ASK): ap#.##pmania.com
- DNS-запрос (DNS ASK): wp#d
- '<IP-адрес в локальной сети>':1035