Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{90BF8224-CD63-4081-A4C7-EF9A2CF6596F}' = '"%ALLUSERSPROFILE%\Application Data\237F1171.exe"'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\5615E7B5.cmd
- '%ALLUSERSPROFILE%\Application Data\237F1171.exe'
- %TEMP%\5615E7B5.cmd
- %ALLUSERSPROFILE%\Application Data\237F1171.exe
- %TEMP%\5615E7B5.cmd