Техническая информация
- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'BeRwvbMEOPK' = '%ALLUSERSPROFILE%\qeD4G7jiSUoYvB\GZ9hJgbDsO1xxH.exe'
- %ALLUSERSPROFILE%\qeD4G7jiSUoYvB\GZ9hJgbDsO1xxH.exe
- %TEMP%\pJ4YUcHIkA8h6i3.exe
- %ALLUSERSPROFILE%\qeD4G7jiSUoYvB\RCX1.tmp
- %ALLUSERSPROFILE%\qeD4G7jiSUoYvB\GZ9hJgbDsO1xxH.exe
- %TEMP%\pJ4YUcHIkA8h6i3.exe
- %ALLUSERSPROFILE%\qeD4G7jiSUoYvB\GZ9hJgbDsO1xxH.exe
- DNS-запрос (DNS ASK): wh##.##ogotardo.com.br
- ClassName: 'Indicator' WindowName: ''