Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '87jua9Zjk4ª' = '%ALLUSERSPROFILE%\AMD64\xac4x6WvrY\87jua9Zjk4ª.exe'
- %ALLUSERSPROFILE%\amd64\xac4x6wvry\lovedbrasil.zip
- %ProgramFiles%\amd64\xac4x6~1\02
- %ProgramFiles%\amd64\xac4x6~1\01
- %ProgramFiles%\amd64\xac4x6~1\03
- %ALLUSERSPROFILE%\amd64\xac4x6wvry\lovedbrasil.zip
- '17#.#2.57.36':80
- http://17#.#2.57.36/soutvbcrow/hostingfr.zip
- '<SYSTEM32>\shutdown.exe' /r /t 0