Техническая информация
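- Автозапуск через ключ Run: [<HKLM>\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN] 'pProtecao' = '%ProgramFiles(x86)%\pProtecao.exe' (запись находится в HKLM, то есть действует для всех пользователей системы; Wow6432Node — 32-разрядное представление реестра)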
- pprotecao.exe
- %APPDATA%\compatiblecomparer.zip
- %APPDATA%\compatiblecomparer.dll
- %ProgramFiles(x86)%\pprotecao.exe
- %APPDATA%\compatiblecomparer.dll
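- %LOCALAPPDATA%\google\chrome\user data\local state (файл Chrome, в котором, в частности, хранится защищённый ключ шифрования сохранённых данных браузера; характер обращения — чтение или изменение — в этом фрагменте не указан)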
- %APPDATA%\compatiblecomparer.dll
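- '37.##9.129.142':80 (узел:порт; часть адреса заменена символами «##» — по-видимому, скрыта в исходном отчёте, поэтому в таком виде значение нельзя использовать как готовый индикатор для блокировки)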
- 'localhost':6670
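- http://37.##9.129.142/xampp/CompatibleComparer.zip (незашифрованный HTTP; имя архива совпадает с файлом %APPDATA%\compatiblecomparer.zip из списка выше)
- http://37.##9.129.142/htdocs/WxByNTBiXENoZqQ.exe (незашифрованный HTTP; исполняемый файл с того же узла)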
- '%ProgramFiles(x86)%\pprotecao.exe'