Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{90BF8224-CD63-4081-A4C7-EF9A2CF6596F}' = '"%ALLUSERSPROFILE%\Application Data\A3EFAB2C.exe"'
- %ALLUSERSPROFILE%\Application Data\A3EFAB2C.exe
- <SYSTEM32>\cmd.exe /c %TEMP%\8DFD48B9.cmd
- %TEMP%\8DFD48B9.cmd
- %ALLUSERSPROFILE%\Application Data\A3EFAB2C.exe
- %TEMP%\8DFD48B9.cmd