Technical Information
- Autorun entry (value written to the per-user Run key): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '3S7baD4i3' = '%ALLUSERSPROFILE%\qpyd5PObh\gXkP3cvD.exe'
- peverify.exe
- %ALLUSERSPROFILE%\qpyd5pobh\gxkp3cvd.exe
- %ALLUSERSPROFILE%\qpyd5pobh\rcxd104.tmp
- %TEMP%\sf8u4z3k2bivqog.exe
- %TEMP%\sf8u4z3k2bivqog.exe
- File moved or renamed: from %ALLUSERSPROFILE%\qpyd5pobh\rcxd104.tmp to %ALLUSERSPROFILE%\qpyd5pobh\gxkp3cvd.exe
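- DNS ASK (DNS query) c.###og.com.br (the '###' characters mask part of the domain name in this report; they are not literal)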
- '%ALLUSERSPROFILE%\qpyd5pobh\gxkp3cvd.exe'
- Command line observed: '%ProgramFiles(x86)%\microsoft.net\sdk\v1.1\bin\peverify.exe' /i:2476