Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'YJX Start' = '%ALLUSERSPROFILE%\Application Data\HXRMAJ\YJX.exe'
- '%ALLUSERSPROFILE%\Application Data\HXRMAJ\YJX.exe'
- '%TEMP%\Word.exe'
- Handler library for all processes: %ALLUSERSPROFILE%\Application Data\HXRMAJ\YJX.01
- %ALLUSERSPROFILE%\Application Data\HXRMAJ\YJX.02
- %ALLUSERSPROFILE%\Application Data\HXRMAJ\YJX.01
- %ALLUSERSPROFILE%\Application Data\WUV\YJX.004
- %ALLUSERSPROFILE%\Application Data\HXRMAJ\YJX.00
- %TEMP%\LEEME.docx
- %TEMP%\sfx.ini
- %ALLUSERSPROFILE%\Application Data\HXRMAJ\YJX.exe
- %TEMP%\Word.exe
- %TEMP%\sfx.ini
- ClassName: '' WindowName: 'AKLMW'