Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'mamka vasha v grobu' = '%HOMEPATH%\vova_inchin\mamka.exe'
- <Current directory>\mrmrmrmrm.asdf
- <Current directory>\asdf.txt
- <Current directory>\vova.7z
- <Current directory>\7z.exe
- <Current directory>\7z.dll
- <Current directory>\start.bat
- <Current directory>\marusa.exe
- <Current directory>\asdf.exe
- %HOMEPATH%\vova_inchin\axinterop.wmplib.dll
- %HOMEPATH%\vova_inchin\mamka.exe
- %HOMEPATH%\vova_inchin\interop.wmplib.dll
- http://zd##.tech/vova.7z
- http://zd##.tech/s.php?do########################
- DNS ASK zd##.tech
- '<Current directory>\7z.exe' x -y "vova.7z" -o"<Current directory>" -pvova
- '<Current directory>\marusa.exe'
- '<Current directory>\asdf.exe'
- '%HOMEPATH%\vova_inchin\mamka.exe'
- '<Current directory>\7z.exe' x -y "vova.7z" -o"<Current directory>" -pvova (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""<Current directory>\start.bat" "