Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\jufrapmzdz.url
- %WINDIR%\notepad.exe
- iexplore.exe
- %PROGRAMDATA%\tzjajmmqgl\cfgi
- %PROGRAMDATA%\tzjajmmqgl\cfg
- %PROGRAMDATA%\tzjajmmqgl\pictureviewerpro
- %PROGRAMDATA%\tzjajmmqgl\r.vbs
- %PROGRAMDATA%\tzjajmmqgl\r.vbs
- %PROGRAMDATA%\tzjajmmqgl\pictureviewerpro в %PROGRAMDATA%\tzjajmmqgl\pictureviewerpro.exe
- DNS ASK pi######iewerpro.hopto.org
- DNS ASK po##.#ashvault.pro
- '%WINDIR%\syswow64\wscript.exe' "%PROGRAMDATA%\TzJAJmmqGL\r.vbs"
- '%WINDIR%\syswow64\cmd.exe' /C WScript "%PROGRAMDATA%\TzJAJmmqGL\r.vbs"
- '%WINDIR%\notepad.exe' -c "%PROGRAMDATA%\TzJAJmmqGL\cfg"