Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\jremmm.exe
- %WINDIR%\syswow64\svchost.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\jremmm.exe
- http://nd##ard.ru/themes/ndp/js/steps/task.php?bi###################################################
- DNS ASK nd##ard.ru
- '%WINDIR%\syswow64\svchost.exe'