Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dajcvw' = '<LS_APPDATA>\dajcvw\dajcvwnak.vbs'
- dajcvwxjw.exe
- %TEMP%\dajcvwxjw.exe
- %TEMP%\dajcvw.bmp
- %TEMP%\dajcvw.ocx
- %APPDATA%\dajcvwdajcvw\dajcvweyp.exe
- <LS_APPDATA>\dajcvw\dajcvw.bmp
- <LS_APPDATA>\dajcvw\dajcvwdoh.vbs
- <LS_APPDATA>\dajcvw\dajcvwnak.vbs
- %TEMP%\dajcvw.ocx
- DNS ASK dg####ers.hopto.org
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\dajcvwxjw.exe'