Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4LVKbVffKJ' = '%ALLUSERSPROFILE%\1wcvvR9LXFpUek2c\AbBrmmXyqdjeSn8.exe'
- '%ALLUSERSPROFILE%\1wcvvR9LXFpUek2c\AbBrmmXyqdjeSn8.exe'
- %TEMP%\or2hZtoAwf3v.exe
- %ALLUSERSPROFILE%\1wcvvR9LXFpUek2c\RCX1.tmp
- %ALLUSERSPROFILE%\1wcvvR9LXFpUek2c\AbBrmmXyqdjeSn8.exe
- %TEMP%\or2hZtoAwf3v.exe
- %ALLUSERSPROFILE%\1wcvvR9LXFpUek2c\AbBrmmXyqdjeSn8.exe
- %ALLUSERSPROFILE%\1wcvvR9LXFpUek2c\RCX1.tmp to %ALLUSERSPROFILE%\1wcvvR9LXFpUek2c\AbBrmmXyqdjeSn8.exe
- 'www.uo#.com.br':80
- www.uo#.com.br/newg/a.php?s=##########################################################################################
- DNS ASK www.uo#.com.br
- ClassName: 'Indicator' WindowName: '(null)'