Техническая информация
- Автозапуск через ключ реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Config Setup' = '%WINDIR%\jodrive32.exe'
- %WINDIR%\jodrive32.exe
- GUARD.EXE
- bdagent.exe
- %WINDIR%\jodrive32.exe
- %WINDIR%\jodrive32.exe
- Сетевой узел и порт: 'jo####.ahrampress.net':6943
- DNS-запрос (DNS ASK): jo####.ahrampress.net