Техническая информация (индикаторы компрометации: ключи автозапуска, файлы, сетевые адреса и наблюдавшиеся командные строки)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cred' = 'rundll32 %TEMP%\cred.dll, Main'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'scr' = 'rundll32 %TEMP%\scr.dll, Main'
  Примечание: оба значения Run запускают rundll32 для DLL, лежащих в %TEMP%, с экспортом Main; вызов rundll32 с библиотекой из временного каталога сам по себе — полезный признак для детектирования.
- %PROGRAMDATA%\894e662d8b290f30114fdb114fb1d52b
- %PROGRAMDATA%\5a997433d2\gbnn.exe
- %TEMP%\cred.dll
- %TEMP%\scr.dll
- %TEMP%\24fbcbe0ee.jpg
- %TEMP%\24fbcbe0ee.jpg
- '<LOCALNET>.30.21':80
- '17#.#30.55.77':80
- http://17#.#30.55.77/s1Qa9vCs/cred.dll
- http://17#.#30.55.77/s1Qa9vCs/scr.dll
- http://17#.#30.55.77/s1Qa9vCs/index.php
- '%PROGRAMDATA%\5a997433d2\gbnn.exe'
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d %PROGRAMDATA%\5a997433d2
  Примечание: эта команда переназначает пользовательскую папку «Автозагрузка» (User Shell Folders\Startup) на %PROGRAMDATA%\5a997433d2, поэтому gbnn.exe из этого каталога будет запускаться при каждом входе пользователя независимо от значений в ключе Run; при очистке недостаточно удалить записи Run — необходимо вернуть параметру Startup стандартное значение и удалить содержимое каталога.
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v cred /t REG_SZ /d "rundll32 %TEMP%\cred.dll, Main"
- '%WINDIR%\syswow64\rundll32.exe' %TEMP%\cred.dll, Main
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v scr /t REG_SZ /d "rundll32 %TEMP%\scr.dll, Main"
- '%WINDIR%\syswow64\rundll32.exe' %TEMP%\scr.dll, Main