Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{90BF8224-CD63-4081-A4C7-EF9A2CF6596F}' = '"%ALLUSERSPROFILE%\Application Data\D8B4CB24.exe"'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\B79D65AB.cmd
- '%ALLUSERSPROFILE%\Application Data\D8B4CB24.exe'
- %TEMP%\B79D65AB.cmd
- %ALLUSERSPROFILE%\Application Data\D8B4CB24.exe
- %TEMP%\B79D65AB.cmd