Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'serachdlfkj901284081234____kafdslf' = '%WINDIR%\serachdlfkj901284081234____kafdslf.exe'
- %TEMP%\av343
- %WINDIR%\serachdlfkj901284081234____kafdslf.exe
- 'www.co####otas.com.br':80
- http://www.co####otas.com.br/contador.php?p=#####
- DNS ASK www.co####otas.com.br