Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\uifzgmpnyd.url
- %WINDIR%\notepad.exe
- %PROGRAMDATA%\yctrzybavj\cfgi
- %PROGRAMDATA%\yctrzybavj\cfg
- %PROGRAMDATA%\yctrzybavj\ausdriv
- %PROGRAMDATA%\yctrzybavj\r.vbs
- %PROGRAMDATA%\yctrzybavj\r.vbs
- from %PROGRAMDATA%\yctrzybavj\ausdriv to %PROGRAMDATA%\yctrzybavj\ausdriv.exe (the same path with an .exe extension added)
- DNS query (ASK) so#####min.linkpc.net
- DNS query (ASK) po##.#ashvault.pro
- '%WINDIR%\syswow64\wscript.exe' "%PROGRAMDATA%\YctRzYBavj\r.vbs"
- '%WINDIR%\syswow64\cmd.exe' /C WScript "%PROGRAMDATA%\YctRzYBavj\r.vbs"
- '%WINDIR%\notepad.exe' -c "%PROGRAMDATA%\YctRzYBavj\cfg"