Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microjilyz' = '%APPDATA%\jsvchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{09007C4D-BF89-9F46-808A-9EFD29C8572D}] 'StubPath' = '%APPDATA%\jsvchost.exe'
- %APPDATA%\jsvchost.exe
- %WINDIR%\NOTEPAD.EXE
- %WINDIR%\Explorer.EXE
- %APPDATA%\jsvchost.exe
- 'ji###.no-ip.biz':3902
- 'co####t.jilyz.org':3901
- DNS ASK ji###.no-ip.biz
- DNS ASK co####t.jilyz.org