Техническая информация
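- Автозапуск через ключ реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{90BF8224-CD63-4081-A4C7-EF9A2CF6596F}' = '"%ALLUSERSPROFILE%\Application Data\D586D742.exe"' (значение в этом ключе запускает указанный файл при каждом входе пользователя в систему)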
- %ALLUSERSPROFILE%\Application Data\D586D742.exe
- Командная строка запуска командного файла из временного каталога: <SYSTEM32>\cmd.exe /c "%TEMP%\243C1A5B.cmd"
- %TEMP%\243C1A5B.cmd
- %ALLUSERSPROFILE%\Application Data\D586D742.exe
- %TEMP%\243C1A5B.cmd